Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Nasty virus reinfection! Help needed [Solved]


  • This topic is locked This topic is locked

#1
alternate

alternate

    Member

  • Member
  • PipPip
  • 81 posts

Hi guys I would appreciate if someone could help me get rid of this virus. here's my logs:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:38:53 AM, on 4/28/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)
Boot mode: Normal

Running processes:
C:\Users\deco\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Users\deco\Desktop\Virus Tools\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110902204322.dll
O2 - BHO: FLVBlaster.FLVBlasterIEAddon - {807ca0aa-7cb3-4f03-bd61-076f618cc82d} - mscoree.dll (file missing)
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Windows\Downloaded Program Files\gbiehuni.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\deco\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
O8 - Extra context menu item: Download with FLV Blaster - C:\Users\deco\AppData\Roaming\FLV2PC\Internet Explorer\script.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Fast Track Audio Device Monitor (FastTrackAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13166 bytes
 

 

OTL logfile created on: 4/28/2016 12:10:23 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\deco\Desktop\Virus Tools
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.40% Memory free
7.97 Gb Paging File | 6.11 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 634.97 Gb Free Space | 69.63% Space Free | Partition Type: NTFS
 
Computer Name: DECO-PC | User Name: deco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2016/04/27 00:15:48 | 000,303,000 | ---- | M] () -- C:\ProgramData\vreXjvX\protect\protect.exe
PRC - [2016/04/25 23:49:26 | 000,574,672 | ---- | M] (WFini LIMITED) -- C:\ProgramData\6winp6\WFini.exe
PRC - [2016/04/24 23:54:32 | 000,376,592 | ---- | M] (tsvr.com) -- C:\Users\deco\AppData\Roaming\TSv\TSvr.exe
PRC - [2016/04/23 11:15:56 | 000,554,176 | ---- | M] (Microsoft Corporation) -- C:\Users\deco\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2016/04/19 18:59:27 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2015/12/14 04:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/12/08 19:51:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\deco\Desktop\Virus Tools\OTL.exe
PRC - [2015/10/30 04:19:59 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2015/10/19 14:53:04 | 000,339,968 | ---- | M] (Popcorn Time) -- C:\Program Files (x86)\Popcorn Time\Updater.exe
PRC - [2014/11/07 09:07:01 | 000,266,824 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2014/11/07 09:06:51 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/11/07 09:06:44 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/10/30 01:41:44 | 000,031,856 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/10/29 15:06:54 | 000,560,192 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
PRC - [2014/10/26 18:59:24 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2014/09/18 14:16:34 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/05/21 17:33:20 | 001,962,768 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe
PRC - [2012/05/18 01:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2010/08/04 09:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016/04/23 11:15:54 | 000,679,624 | ---- | M] () -- C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
MOD - [2016/04/19 18:59:27 | 022,284,800 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
MOD - [2016/04/19 18:59:27 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
MOD - [2016/04/19 18:59:27 | 000,141,312 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
MOD - [2015/09/15 09:58:36 | 008,901,184 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2014/10/29 15:07:02 | 000,065,600 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
MOD - [2014/10/29 15:06:54 | 000,560,192 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MOD - [2014/10/29 15:01:58 | 001,382,048 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
MOD - [2010/08/04 09:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/08/04 06:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016/04/04 09:28:28 | 001,443,520 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe -- (Disc Soft Lite Bus Service)
SRV:64bit: - [2016/04/02 00:21:17 | 000,498,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2016/04/02 00:15:47 | 001,090,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2016/04/02 00:07:41 | 002,158,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2016/03/29 04:51:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:64bit: - [2016/03/29 04:50:15 | 000,066,560 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2016/03/29 04:38:23 | 000,207,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2016/03/29 04:27:45 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2016/03/29 04:20:21 | 000,948,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2016/03/29 04:13:03 | 000,587,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2016/03/29 03:32:15 | 001,098,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2016/03/29 02:45:48 | 000,338,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2016/02/24 06:34:50 | 001,613,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2016/02/24 06:28:35 | 003,449,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2016/02/24 05:43:01 | 000,625,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2016/02/24 04:19:10 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2016/02/24 04:07:53 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2016/02/24 03:59:32 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2016/02/24 03:40:53 | 001,224,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2016/02/24 03:18:37 | 001,490,432 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2016/02/23 06:20:41 | 001,139,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2016/02/23 06:17:08 | 000,649,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2016/02/23 05:29:35 | 000,591,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2016/02/23 05:28:32 | 000,275,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2016/02/23 05:20:42 | 000,847,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2016/02/23 05:20:36 | 000,606,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2016/02/23 04:58:02 | 000,163,840 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2016/01/16 02:24:56 | 002,057,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2016/01/04 22:49:33 | 000,749,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2016/01/04 22:43:47 | 000,912,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2015/12/12 10:21:40 | 000,162,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2015/12/12 10:17:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2015/12/12 10:17:00 | 000,026,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2015/12/07 01:15:40 | 001,035,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2015/10/30 04:19:28 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2015/10/30 04:19:26 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2015/10/30 04:19:26 | 000,497,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2015/10/30 04:18:46 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2015/10/30 04:18:43 | 001,872,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015/10/30 04:18:41 | 000,117,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/10/30 04:18:19 | 001,297,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2015/10/30 04:18:18 | 000,729,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015/10/30 04:18:14 | 000,081,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/10/30 04:18:01 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2015/10/30 04:18:01 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2015/10/30 04:18:01 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2015/10/30 04:18:01 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2015/10/30 04:18:01 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2015/10/30 04:17:59 | 002,745,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2015/10/30 04:17:59 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2015/10/30 04:17:59 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2015/10/30 04:17:58 | 000,764,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2015/10/30 04:17:58 | 000,287,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2015/10/30 04:17:54 | 000,360,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2015/10/30 04:17:53 | 000,097,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015/10/30 04:17:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2015/10/30 04:17:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2015/10/30 04:17:52 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2015/10/30 04:17:51 | 000,031,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2015/10/30 04:17:50 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_c25f902)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_c1ea93f)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_b373ecd)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_9b831b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_92b9988)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_8813b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_7b374)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_779a392)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_6e717)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_488fcf4)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_3cec53b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_39abea1)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_2d9d5bd)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_2aca6610)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_263866)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_1f11813)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_1ac00272)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_14973560)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_c25f902)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_c1ea93f)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_b373ecd)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_9b831b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_92b9988)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_8813b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_7b374)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_779a392)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_6e717)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_488fcf4)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_3cec53b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_39abea1)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_2d9d5bd)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_2aca6610)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_263866)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_1f11813)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_1ac00272)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_14973560)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_c25f902)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_c1ea93f)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_b373ecd)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_9b831b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_92b9988)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_8813b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_7b374)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_779a392)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_6e717)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_488fcf4)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_3cec53b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_39abea1)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_2d9d5bd)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_2aca6610)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_263866)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_1f11813)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_1ac00272)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_14973560)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_c25f902)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_c1ea93f)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_b373ecd)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_9b831b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_92b9988)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_8813b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_7b374)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_779a392)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_6e717)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_488fcf4)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_3cec53b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_39abea1)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_2d9d5bd)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_2aca6610)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_263866)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_1f11813)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_1ac00272)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_14973560)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_c25f902)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_c1ea93f)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_b373ecd)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_9b831b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_92b9988)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_8813b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_7b374)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_779a392)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_6e717)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_488fcf4)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_3cec53b)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_39abea1)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_2d9d5bd)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_2aca6610)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_263866)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_1f11813)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_1ac00272)
SRV:64bit: - [2015/10/30 04:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_14973560)
SRV:64bit: - [2015/10/30 04:17:48 | 000,444,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2015/10/30 04:17:48 | 000,205,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2015/10/30 04:17:47 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2015/10/30 04:17:46 | 000,290,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:64bit: - [2015/10/30 04:17:46 | 000,186,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2015/10/30 04:17:46 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2015/10/30 04:17:46 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2015/10/30 04:17:45 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2015/10/30 04:17:43 | 000,278,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2015/10/30 04:17:43 | 000,057,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2015/10/30 04:17:41 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:64bit: - [2015/10/30 04:17:39 | 000,547,840 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015/10/30 04:17:37 | 000,380,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/10/30 04:17:37 | 000,364,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/10/30 04:17:37 | 000,024,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/10/30 04:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2015/10/30 04:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2015/10/30 04:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2015/10/30 04:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2015/10/30 04:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2015/10/30 04:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2015/10/30 04:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2015/10/30 04:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2015/10/30 04:17:21 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2015/10/30 04:17:18 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2015/07/31 11:43:34 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2011/04/07 12:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2010/01/05 22:04:02 | 000,244,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/01/05 22:04:02 | 000,199,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/01/05 22:04:02 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV - [2016/04/07 16:45:19 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/02/24 03:07:45 | 000,949,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2016/02/11 22:32:14 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/01/29 11:11:22 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/12/14 04:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/12/12 10:17:13 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2015/12/12 10:17:13 | 000,504,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2015/12/12 10:17:06 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2015/12/12 10:17:04 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2015/10/30 04:18:31 | 002,179,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/10/30 04:18:31 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015/10/30 04:18:29 | 000,461,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/10/30 04:18:23 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2015/10/30 04:18:21 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/10/30 04:17:21 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/10/19 14:53:04 | 000,339,968 | ---- | M] (Popcorn Time) [Auto | Running] -- C:\Program Files (x86)\Popcorn Time\Updater.exe -- (Update service)
SRV - [2014/11/07 09:06:51 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/10/30 01:41:44 | 000,031,856 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/10/26 18:59:24 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/09/18 14:16:34 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2014/02/04 04:55:16 | 000,108,032 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/05/21 17:33:20 | 001,962,768 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe -- (FastTrackAudioDevMon)
SRV - [2012/05/18 01:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016/04/27 23:25:22 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/04/24 22:14:17 | 000,047,672 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtliteusbbus.sys -- (dtliteusbbus)
DRV:64bit: - [2016/04/24 22:13:54 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2016/03/29 07:23:38 | 000,277,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2016/03/29 06:25:13 | 000,258,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2016/03/29 05:21:40 | 000,378,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2016/03/29 05:16:55 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2016/03/29 04:23:41 | 000,694,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2016/02/23 06:25:27 | 000,534,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2016/02/23 06:20:35 | 000,238,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2016/01/16 02:46:08 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2015/12/12 10:21:39 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2015/12/12 10:21:39 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2015/12/12 10:17:13 | 000,175,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2015/10/30 06:07:05 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015/10/30 06:06:56 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/10/30 04:19:39 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2015/10/30 04:18:42 | 000,052,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2015/10/30 04:18:09 | 000,930,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2015/10/30 04:18:09 | 000,385,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/10/30 04:18:08 | 000,218,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/10/30 04:18:03 | 000,200,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2015/10/30 04:18:03 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2015/10/30 04:18:03 | 000,078,848 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2015/10/30 04:18:03 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2015/10/30 04:18:03 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2015/10/30 04:18:03 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015/10/30 04:18:03 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:64bit: - [2015/10/30 04:18:01 | 000,154,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2015/10/30 04:17:57 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2015/10/30 04:17:52 | 000,163,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2015/10/30 04:17:52 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2015/10/30 04:17:52 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2015/10/30 04:17:51 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2015/10/30 04:17:51 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2015/10/30 04:17:51 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2015/10/30 04:17:51 | 000,074,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2015/10/30 04:17:51 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2015/10/30 04:17:50 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2015/10/30 04:17:46 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2015/10/30 04:17:46 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2015/10/30 04:17:42 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2015/10/30 04:17:42 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2015/10/30 04:17:39 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2015/10/30 04:17:37 | 000,293,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/10/30 04:17:37 | 000,209,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2015/10/30 04:17:37 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2015/10/30 04:17:37 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2015/10/30 04:17:37 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/10/30 04:17:37 | 000,099,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015/10/30 04:17:37 | 000,087,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2015/10/30 04:17:37 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt)
DRV:64bit: - [2015/10/30 04:17:37 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2015/10/30 04:17:37 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/10/30 04:17:37 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2015/10/30 04:17:26 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2015/10/30 04:17:25 | 000,046,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2015/10/30 04:17:25 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015/10/30 04:17:25 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2015/10/30 04:17:25 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2015/10/30 04:17:25 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2015/10/30 04:17:23 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2015/10/30 04:17:23 | 000,532,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2015/10/30 04:17:23 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2015/10/30 04:17:23 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2015/10/30 04:17:23 | 000,283,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2015/10/30 04:17:23 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2015/10/30 04:17:23 | 000,131,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2015/10/30 04:17:23 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2015/10/30 04:17:23 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2015/10/30 04:17:23 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2015/10/30 04:17:23 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2015/10/30 04:17:23 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2015/10/30 04:17:23 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2015/10/30 04:17:23 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2015/10/30 04:17:23 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2015/10/30 04:17:23 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2015/10/30 04:17:23 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2015/10/30 04:17:23 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2015/10/30 04:17:23 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2015/10/30 04:17:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2015/10/30 04:17:23 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2015/10/30 04:17:23 | 000,034,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2015/10/30 04:17:23 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2015/10/30 04:17:23 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2015/10/30 04:17:22 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2015/10/30 04:17:22 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2015/10/30 04:17:22 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2015/10/30 04:17:22 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2015/10/30 04:17:22 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2015/10/30 04:17:22 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/10/30 04:17:22 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2015/10/30 04:17:22 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015/10/30 04:17:22 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2015/10/30 04:17:22 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2015/10/30 04:17:22 | 000,037,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2015/10/30 04:17:22 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2015/10/30 04:17:22 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015/10/30 04:17:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2015/10/30 04:17:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2015/10/30 04:17:22 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2015/10/30 04:17:22 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2015/10/30 04:17:22 | 000,009,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2015/10/30 04:17:22 | 000,009,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn)
DRV:64bit: - [2015/10/30 04:17:18 | 002,504,192 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2015/10/30 04:17:18 | 000,165,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:64bit: - [2015/10/30 04:17:18 | 000,117,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2015/10/30 04:17:18 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2015/10/30 04:17:18 | 000,081,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:64bit: - [2015/10/30 04:17:18 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015/10/30 04:17:18 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/10/30 04:17:18 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2015/10/30 04:17:18 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2015/10/30 04:17:18 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2015/10/30 04:17:18 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2015/10/30 04:17:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2015/10/30 04:17:18 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2015/10/30 04:17:18 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2015/10/30 04:17:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2015/10/30 04:17:18 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2015/10/30 04:17:18 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2015/06/17 12:04:24 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/08/22 09:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/06/28 19:49:35 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/05/21 17:33:20 | 000,460,048 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:64bit: - [2012/07/15 12:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2012/05/16 11:13:34 | 000,105,624 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2012/03/23 14:13:28 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/05 22:04:02 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/01/05 22:04:02 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/01/05 22:04:02 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/12/09 06:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 17:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2016/04/27 22:43:10 | 000,056,496 | ---- | M] (GMER) [Kernel | On_Demand | Unknown] -- C:\Users\deco\AppData\Local\Temp\kwldapod.sys -- (kwldapod)
DRV - [2016/04/27 19:12:28 | 000,057,048 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Users\deco\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2015/10/30 04:17:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,fr-FR;q=0.7,fr;q=0.5,pt-BR;q=0.3,pt;q=0.2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 5A 79 53 B3 1C D1 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
IE - HKCU\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js - File not found
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.15.10: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.15: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.15.10: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic602.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\deco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\deco\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{338950EA-82DB-44C1-930D-0C28E023C9F0}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/11/07 09:08:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/11/07 09:08:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2016/03/29 13:36:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016/03/29 13:36:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2016/03/29 13:36:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016/03/29 13:36:47 | 000,000,000 | ---D | M]
 
[2011/08/06 20:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deco\AppData\Roaming\Mozilla\Extensions
[2016/04/28 00:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions
[2016/04/24 22:15:30 | 000,000,000 | ---D | M] (SNT) -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\[email protected]
[2016/04/28 00:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions
[2016/04/24 22:16:16 | 000,000,000 | ---D | M] (SNT) -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\[email protected]
[2016/01/16 15:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\extensions
[2014/03/26 11:49:47 | 000,000,000 | ---D | M] (SNT) -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\extensions\[email protected]
[2016/04/25 12:39:24 | 000,673,748 | ---- | M] () (No name found) -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2015/11/03 08:43:21 | 000,636,306 | ---- | M] () (No name found) -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2015/11/03 08:43:21 | 000,636,306 | ---- | M] () (No name found) -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2016/02/11 22:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2016/02/11 22:32:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/05 22:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2015/11/18 11:57:24 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2014/11/07 09:07:15 | 000,148,552 | ---- | M] (RealPlayer Cloud) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
CHR - Extension: No name found = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc\1.1_0\
CHR - Extension: No name found = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp\3.6.3_0\
CHR - Extension: No name found = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
Hosts file not found
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110902204322.dll (McAfee, Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Windows\Downloaded Program Files\gbiehuni.dll ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite Automount] C:\Program Files\DAEMON Tools Lite\DTAgent.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [OneDrive] C:\Users\deco\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O8:64bit: - Extra context menu item: Download with FLV Blaster - C:\Users\deco\AppData\Roaming\FLV2PC\Internet Explorer\script.htm ()
O8 - Extra context menu item: Download with FLV Blaster - C:\Users\deco\AppData\Roaming\FLV2PC\Internet Explorer\script.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab(OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab(Java Plug-in 11.40.2)
O16 - DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab(Java Plug-in 1.8.0_40)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab(Java Plug-in 1.8.0_40)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking...GbPluginUni.cab(GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.64 201.17.0.92
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67e01175-984f-458a-99df-04aabdde5b6d}: DhcpNameServer = 201.17.0.85 201.17.0.55
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{bc9b8eca-8d3a-463c-a441-d44690c56727}: DhcpNameServer = 201.17.0.64 201.17.0.92
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Windows\Downloaded Program Files\gbiehuni.dll ()
O30:64bit: - LSA: Security Packages - (livessp) -  File not found
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/04/27 22:34:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2016/04/27 13:08:24 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\Temp
[2016/04/27 11:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\vreXjvX
[2016/04/27 11:27:27 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\vreXjvX
[2016/04/27 11:27:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\vreXjvX
[2016/04/27 11:27:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vreXjvX
[2016/04/27 02:29:44 | 000,000,000 | -H-D | C] -- C:\Users\deco\Desktop\Freemake_do_not_remove_this_folder
[2016/04/26 12:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2016/04/26 12:18:43 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\WinZiper
[2016/04/26 12:18:43 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\eCyber
[2016/04/26 12:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\6winp6
[2016/04/26 12:15:50 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\TSv
[2016/04/26 12:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QQBrowser
[2016/04/26 00:19:29 | 000,000,000 | ---D | C] -- C:\Users\deco\Desktop\Copy of proud
[2016/04/24 22:39:06 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\Native Instruments
[2016/04/24 22:35:35 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\Disc_Soft_Ltd
[2016/04/24 22:33:08 | 000,000,000 | ---D | C] -- C:\Users\deco\Documents\Native Instruments
[2016/04/24 22:31:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}
[2016/04/24 22:27:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
[2016/04/24 22:25:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
[2016/04/24 22:25:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}
[2016/04/24 22:24:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}
[2016/04/24 22:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2016/04/24 22:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2016/04/24 22:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2016/04/24 22:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2016/04/24 22:19:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Daemon Tools Images
[2016/04/24 22:15:17 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[2016/04/24 22:14:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\dmp
[2016/04/24 22:14:17 | 000,047,672 | ---- | C] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtliteusbbus.sys
[2016/04/24 22:13:54 | 000,030,264 | ---- | C] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtlitescsibus.sys
[2016/04/24 22:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2016/04/24 22:13:52 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\DAEMON Tools Lite
[2016/04/24 22:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2016/04/24 22:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2016/04/24 11:51:13 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\Leadertech
[2016/04/24 04:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
[2016/04/24 04:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avid
[2016/04/23 21:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves Central
[2016/04/23 21:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PositiveGrid
[2016/04/23 21:40:11 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\BIAS_FX
[2016/04/23 16:17:47 | 000,000,000 | ---D | C] -- C:\Users\deco\Desktop\proud
[2016/04/22 19:46:49 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\M-Audio
[2016/04/22 19:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\M-Audio
[2016/04/22 19:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2016/04/22 19:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2016/04/22 19:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\M-Audio
[2016/04/22 19:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVID
[2016/04/22 19:35:35 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\InstallShield
[2016/04/21 23:50:59 | 000,000,000 | ---D | C] -- C:\Users\deco\Desktop\split reaction
[2016/04/21 22:40:28 | 000,000,000 | ---D | C] -- C:\Users\deco\Desktop\plugins
[2016/04/21 22:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2016/04/21 21:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2016/04/21 21:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
[2016/04/21 21:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Propellerhead Software
[2016/04/21 21:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST3
[2016/04/21 21:21:35 | 000,000,000 | --SD | C] -- C:\Program Files (x86)\Common Files\WPAPI
[2016/04/21 21:21:35 | 000,000,000 | --SD | C] -- C:\Program Files (x86)\Waves
[2016/04/21 21:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VST3
[2016/04/20 22:16:38 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\IK Multimedia
[2016/04/20 21:54:23 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\Waves Audio
[2016/04/20 21:54:15 | 000,000,000 | --SD | C] -- C:\ProgramData\Waves Audio
[2016/04/20 21:54:15 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\Logs
[2016/04/20 21:54:09 | 000,000,000 | --SD | C] -- C:\Users\deco\AppData\Roaming\Waves Audio
[2016/04/20 21:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Waves Central
[2016/04/17 23:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
[2016/04/17 23:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugIns
[2016/04/17 23:51:03 | 000,000,000 | ---D | C] -- C:\Users\deco\Documents\IK Multimedia
[2016/04/17 23:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IK Multimedia
[2016/04/17 22:50:39 | 000,000,000 | ---D | C] -- C:\Users\deco\Documents\BIAS
[2016/04/17 22:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\VSTPlugins
[2016/04/17 22:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Avid
[2016/04/17 21:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2016/04/17 21:35:36 | 000,000,000 | ---D | C] -- C:\Users\deco\Documents\untitled
[2016/04/17 21:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2016/04/17 20:56:12 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\Trillium Lane
[2016/04/17 20:54:18 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\PACE Anti-Piracy
[2016/04/17 20:54:18 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\PACE Anti-Piracy
[2016/04/17 20:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2016/04/17 20:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
[2016/04/17 20:15:54 | 000,000,000 | ---D | C] -- C:\Users\deco\AvidLogFiles
[2016/04/17 20:03:26 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\Avid
[2016/04/17 19:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2016/04/17 19:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Avid
[2016/04/17 19:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE
[2016/04/17 19:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PACE
[2016/04/13 11:07:58 | 000,037,376 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2016/04/13 11:07:55 | 018,673,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2016/04/13 11:07:52 | 000,303,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2016/04/13 11:07:49 | 000,541,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2016/04/13 11:07:49 | 000,365,568 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2016/04/13 11:07:49 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wininetlui.dll
[2016/04/13 11:07:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wininetlui.dll
[2016/04/13 11:07:44 | 000,209,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2016/04/13 11:07:43 | 000,630,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2016/04/13 11:07:42 | 022,378,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2016/04/13 11:07:40 | 000,045,568 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2016/04/13 11:07:39 | 007,474,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2016/04/13 11:07:38 | 003,592,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2016/04/13 11:07:37 | 001,388,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2016/04/13 11:07:18 | 001,444,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
[2016/04/13 11:07:18 | 000,965,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2016/04/13 11:07:18 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
[2016/04/13 11:07:17 | 016,985,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2016/04/13 11:07:17 | 001,714,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
[2016/04/13 11:07:14 | 013,018,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2016/04/13 11:07:10 | 011,545,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2016/04/13 11:07:08 | 009,918,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2016/04/13 11:07:07 | 001,944,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputService.dll
[2016/04/13 11:07:07 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TextInputFramework.dll
[2016/04/13 11:07:07 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontsub.dll
[2016/04/13 11:07:06 | 007,836,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2016/04/13 11:07:06 | 002,624,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InputService.dll
[2016/04/13 11:07:06 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TextInputFramework.dll
[2016/04/13 11:07:02 | 005,662,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2016/04/13 11:07:01 | 003,994,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2016/04/13 11:06:58 | 003,428,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2016/04/13 11:06:53 | 005,202,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BingMaps.dll
[2016/04/13 11:06:53 | 002,798,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2016/04/13 11:06:52 | 000,948,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XblAuthManager.dll
[2016/04/13 11:06:49 | 001,297,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManager.dll
[2016/04/13 11:06:48 | 001,946,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2016/04/13 11:06:48 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2016/04/13 11:06:47 | 001,390,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Shell.dll
[2016/04/13 11:06:46 | 001,832,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2016/04/13 11:06:46 | 001,098,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dosvc.dll
[2016/04/13 11:06:46 | 000,986,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicenseManager.dll
[2016/04/13 11:06:45 | 003,575,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsThresholdAdminFlowUI.dll
[2016/04/13 11:06:44 | 001,626,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2016/04/13 11:06:44 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2016/04/13 11:06:43 | 003,078,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\esent.dll
[2016/04/13 11:06:40 | 007,199,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BingMaps.dll
[2016/04/13 11:06:40 | 002,722,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esent.dll
[2016/04/13 11:06:40 | 001,139,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2016/04/13 11:06:39 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2016/04/13 11:06:39 | 000,859,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2016/04/13 11:06:38 | 000,938,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapControlCore.dll
[2016/04/13 11:06:38 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsStore.dll
[2016/04/13 11:06:38 | 000,696,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupEngine.dll
[2016/04/13 11:06:37 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SharedStartModel.dll
[2016/04/13 11:06:37 | 000,649,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2016/04/13 11:06:37 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupShim.dll
[2016/04/13 11:06:36 | 002,158,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2016/04/13 11:06:36 | 000,711,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapControlCore.dll
[2016/04/13 11:06:36 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhoneProviders.dll
[2016/04/13 11:06:33 | 001,317,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2016/04/13 11:06:33 | 001,141,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2016/04/13 11:06:33 | 000,958,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RemoteNaturalLanguage.dll
[2016/04/13 11:06:32 | 001,211,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Cred.dll
[2016/04/13 11:06:32 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2016/04/13 11:06:32 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupShim.dll
[2016/04/13 11:06:31 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXService.dll
[2016/04/13 11:06:31 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InputLocaleManager.dll
[2016/04/13 11:06:30 | 001,030,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2016/04/13 11:06:30 | 000,989,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SecConfig.efi
[2016/04/13 11:06:30 | 000,874,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2016/04/13 11:06:30 | 000,502,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupEngine.dll
[2016/04/13 11:06:27 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Speech.dll
[2016/04/13 11:06:27 | 000,415,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StoreAgent.dll
[2016/04/13 11:06:26 | 000,556,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PsmServiceExtHost.dll
[2016/04/13 11:06:26 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tileobjserver.dll
[2016/04/13 11:06:26 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Core.TextInput.dll
[2016/04/13 11:06:25 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StoreAgent.dll
[2016/04/13 11:06:25 | 000,369,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\audiodg.exe
[2016/04/13 11:06:25 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontsub.dll
[2016/04/13 11:06:24 | 001,072,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll
[2016/04/13 11:06:24 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveapi.dll
[2016/04/13 11:06:24 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapConfiguration.dll
[2016/04/13 11:06:24 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorService.dll
[2016/04/13 11:06:24 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
[2016/04/13 11:06:23 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AccountsRt.dll
[2016/04/13 11:06:23 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmenrollengine.dll
[2016/04/13 11:06:23 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapConfiguration.dll
[2016/04/13 11:06:22 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NMAA.dll
[2016/04/13 11:06:22 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
[2016/04/13 11:06:22 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AccountsRt.dll
[2016/04/13 11:06:22 | 000,207,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupSvc.dll
[2016/04/13 11:06:21 | 000,300,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppHost.exe
[2016/04/13 11:06:19 | 000,821,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBroker.dll
[2016/04/13 11:06:19 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RemoteNaturalLanguage.dll
[2016/04/13 11:06:19 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredProvDataModel.dll
[2016/04/13 11:06:18 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MessagingDataModel2.dll
[2016/04/13 11:06:18 | 000,253,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppHost.exe
[2016/04/13 11:06:18 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputLocaleManager.dll
[2016/04/13 11:06:17 | 001,410,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Http.dll
[2016/04/13 11:06:17 | 001,056,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JpMapControl.dll
[2016/04/13 11:06:17 | 001,052,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MsSpellCheckingFacility.dll
[2016/04/13 11:06:17 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncController.dll
[2016/04/13 11:06:17 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXTaskFactory.dll
[2016/04/13 11:06:15 | 000,730,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Shell.Broker.dll
[2016/04/13 11:06:13 | 000,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
[2016/04/13 11:06:12 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JpMapControl.dll
[2016/04/13 11:06:11 | 001,239,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Bluetooth.dll
[2016/04/13 11:06:11 | 000,269,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\moshostcore.dll
[2016/04/13 11:06:04 | 000,848,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2016/04/13 11:06:04 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll
[2016/04/13 11:06:03 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredProvDataModel.dll
[2016/04/13 11:06:02 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\accountaccessor.dll
[2016/04/13 11:06:02 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmmigrator.dll
[2016/04/13 11:06:02 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enrollmentapi.dll
[2016/04/13 11:06:01 | 000,787,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.dll
[2016/04/13 11:06:01 | 000,638,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBroker.dll
[2016/04/13 11:06:01 | 000,296,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\policymanager.dll
[2016/04/13 11:05:58 | 003,351,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll
[2016/04/13 11:05:58 | 000,686,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2016/04/13 11:05:58 | 000,258,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\ufx01000.sys
[2016/04/13 11:05:56 | 000,881,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Input.Inking.dll
[2016/04/13 11:05:55 | 001,117,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll
[2016/04/13 11:05:55 | 000,777,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MsSpellCheckingFacility.dll
[2016/04/13 11:05:55 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafBth.dll
[2016/04/13 11:05:54 | 000,378,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2016/04/13 11:05:54 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxSysprep.dll
[2016/04/13 11:05:54 | 000,084,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupApi.dll
[2016/04/13 11:05:53 | 000,682,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.dll
[2016/04/13 11:05:53 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.dll
[2016/04/13 11:05:53 | 000,261,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LsaIso.exe
[2016/04/13 11:05:53 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AboveLockAppHost.dll
[2016/04/13 11:05:53 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VEDataLayerHelpers.dll
[2016/04/13 11:05:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msorcl32.dll
[2016/04/13 11:05:52 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\policymanagerprecheck.dll
[2016/04/13 11:05:52 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MosStorage.dll
[2016/04/13 11:05:52 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MosStorage.dll
[2016/04/13 11:05:50 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
[2016/04/13 11:05:49 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Web.Core.dll
[2016/04/13 11:05:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncbservice.dll
[2016/04/13 11:05:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2016/04/13 11:05:49 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\xinputhid.sys
[2016/04/13 11:05:48 | 000,848,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samsrv.dll
[2016/04/13 11:05:48 | 000,374,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsAdminFlows.exe
[2016/04/13 11:05:48 | 000,334,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\policymanager.dll
[2016/04/13 11:05:48 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveui.dll
[2016/04/13 11:05:48 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Devices.dll
[2016/04/13 11:05:47 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll
[2016/04/13 11:05:47 | 000,115,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupApi.dll
[2016/04/13 11:05:47 | 000,100,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\omadmapi.dll
[2016/04/13 11:05:46 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AboveLockAppHost.dll
[2016/04/13 11:05:45 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2016/04/13 11:05:45 | 000,110,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srvcli.dll
[2016/04/13 11:05:44 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Bluetooth.dll
[2016/04/13 11:05:44 | 000,081,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netapi32.dll
[2016/04/13 11:05:40 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2016/04/13 11:05:40 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Devices.dll
[2016/04/13 11:05:40 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VEDataLayerHelpers.dll
[2016/04/13 11:05:40 | 000,078,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wkscli.dll
[2016/04/13 11:05:39 | 000,277,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys
[2016/04/13 11:05:39 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wkscli.dll
[2016/04/13 11:05:38 | 000,770,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iuilp.dll
[2016/04/13 11:05:37 | 000,694,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdiWiFi.sys
[2016/04/13 11:05:37 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleacc.dll
[2016/04/13 11:05:37 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BitLockerDeviceEncryption.exe
[2016/04/13 11:05:36 | 000,074,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\easinvoker.exe
[2016/04/13 11:05:36 | 000,051,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SensorsNativeApi.dll
[2016/04/13 11:05:35 | 000,841,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2016/04/13 11:05:35 | 000,185,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys
[2016/04/13 11:05:35 | 000,058,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorsNativeApi.dll
[2016/04/13 11:05:34 | 000,686,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieproxy.dll
[2016/04/13 11:05:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAFWSD.dll
[2016/04/13 11:05:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsdchngr.dll
[2016/04/13 11:05:33 | 000,638,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2016/04/13 11:05:33 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2016/04/13 11:05:32 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\credprovhost.dll
[2016/04/13 11:05:32 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VEEventDispatcher.dll
[2016/04/13 11:05:28 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\easwrt.dll
[2016/04/13 11:05:27 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2016/04/13 11:05:27 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmcsps.dll
[2016/04/13 11:05:26 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VEEventDispatcher.dll
[2016/04/13 11:05:26 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NotificationObjFactory.dll
[2016/04/13 11:05:26 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NotificationObjFactory.dll
[2016/04/13 11:05:26 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VEStoreEventHandlers.dll
[2016/04/13 11:05:26 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browserbroker.dll
[2016/04/13 11:05:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsdchngr.dll
[2016/04/13 11:05:25 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2016/04/13 11:05:25 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credprovhost.dll
[2016/04/13 11:05:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuautoappupdate.dll
[2016/04/13 11:05:24 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FWPUCLNT.DLL
[2016/04/13 11:05:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tzautoupdate.dll
[2016/04/13 11:05:23 | 004,774,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2016/04/13 11:05:23 | 000,821,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fvewiz.dll
[2016/04/13 11:05:23 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OnDemandConnRouteHelper.dll
[2016/04/13 11:05:23 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\basesrv.dll
[2016/04/13 11:05:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\browcli.dll
[2016/04/13 11:05:22 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browcli.dll
[2016/04/13 11:05:22 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManagerShellext.exe
[2016/04/13 11:05:21 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
[2016/04/13 11:05:21 | 000,450,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SyncController.dll
[2016/04/13 11:05:21 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fvecpl.dll
[2016/04/13 11:05:21 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tbauth.dll
[2016/04/13 11:05:20 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\easwrt.dll
[2016/04/13 11:05:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveskybackup.dll
[2016/04/13 11:05:19 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorsNativeApi.V2.dll
[2016/04/13 11:05:18 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samlib.dll
[2016/04/13 11:05:17 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.DeviceEncryptionHandlers.dll
[2016/04/13 11:05:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2016/04/13 11:05:16 | 000,269,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
[2016/04/13 11:05:16 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FontProvider.dll
[2016/04/13 11:05:16 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\moshost.dll
[2016/04/13 11:05:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tbauth.dll
[2016/04/13 11:05:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBrokerCookies.exe
[2016/04/13 11:05:15 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\portcls.sys
[2016/04/13 11:05:15 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmenterprisediagnostics.dll
[2016/04/13 11:05:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mapsupdatetask.dll
[2016/04/13 11:05:15 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBrokerCookies.exe
[2016/04/13 11:05:14 | 007,979,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mos.dll
[2016/04/13 11:05:14 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetCfgNotifyObjectHost.exe
[2016/04/13 11:05:13 | 006,297,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mos.dll
[2016/04/13 11:05:13 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsBtSvc.dll
[2016/04/13 11:05:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsCSP.dll
[2016/04/13 11:05:12 | 000,784,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NMAA.dll
[2016/04/13 11:05:12 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveapibase.dll
[2016/04/13 11:05:12 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mtxoci.dll
[2016/04/13 11:05:12 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxoci.dll
[2016/04/13 11:05:12 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BdeHdCfgLib.dll
[2016/04/13 11:05:12 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\OnDemandConnRouteHelper.dll
[2016/04/13 11:05:11 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SensorsNativeApi.V2.dll
[2016/04/13 11:05:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleacchooks.dll
[2016/04/13 11:05:11 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\oleacchooks.dll
[2016/04/13 11:05:10 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcastdvr.exe
[2016/04/13 11:05:10 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2016/04/13 11:05:10 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapsBtSvc.dll
[2016/04/13 11:05:09 | 000,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2016/04/13 11:05:09 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgent.exe
[2016/04/13 11:05:09 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppCapture.dll
[2016/04/08 13:29:36 | 000,000,000 | ---D | C] -- C:\Users\deco\Desktop\2015 statements
[2016/04/08 12:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
[2016/04/07 16:45:02 | 005,934,784 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
[2016/04/04 13:53:14 | 000,000,000 | ---D | C] -- C:\Users\deco\Desktop\Bounces
[2016/04/04 13:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2016/03/29 13:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2016/03/29 13:34:47 | 006,362,264 | ---- | C] (WindSolutions) -- C:\Users\deco\Desktop\CopyTransDriversInstaller.exe
[2016/03/29 13:27:15 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
[2016/03/29 13:26:52 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Roaming\WindSolutions
[2016/03/29 13:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2016/03/29 12:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[6 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016/04/27 23:45:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/04/27 23:40:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2016/04/27 23:40:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2016/04/27 23:39:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_sales in bloom.job
[2016/04/27 23:39:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\WpsNotifyTask_sales in bloom.job
[2016/04/27 23:35:31 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core.job
[2016/04/27 23:35:01 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA.job
[2016/04/27 23:25:22 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2016/04/27 23:23:09 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/04/27 23:09:03 | 000,000,001 | ---- | M] () -- C:\WINDOWS\SysWow64\us.html
[2016/04/27 23:08:48 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2016/04/27 23:08:48 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2016/04/27 23:04:05 | 000,089,421 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20160427230305
[2016/04/27 23:03:49 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/04/27 23:01:44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/04/27 23:01:01 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2016/04/27 22:53:45 | 000,008,459 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20160427225244
[2016/04/27 22:49:09 | 000,002,419 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20160427224809
[2016/04/27 22:46:56 | 552,806,388 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2016/04/27 22:35:52 | 000,009,673 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20160427223452
[2016/04/27 19:23:27 | 001,008,216 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016/04/27 19:23:27 | 000,835,958 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016/04/27 19:23:27 | 000,172,032 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016/04/27 18:54:03 | 010,281,826 | ---- | M] () -- C:\Users\deco\Desktop\Proud Of You.mp3
[2016/04/27 17:19:30 | 068,013,430 | ---- | M] () -- C:\Users\deco\Desktop\Proud Of You.wav
[2016/04/27 13:09:15 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\subinacl.exe
[2016/04/27 11:27:24 | 000,002,183 | ---- | M] () -- C:\Users\deco\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/04/27 11:27:22 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/04/27 02:30:36 | 009,630,946 | ---- | M] () -- C:\Users\deco\Desktop\sewer.mp3
[2016/04/27 02:30:22 | 010,179,106 | ---- | M] () -- C:\Users\deco\Desktop\proudofu.mp3
[2016/04/27 02:30:07 | 008,709,346 | ---- | M] () -- C:\Users\deco\Desktop\NJ.mp3
[2016/04/27 02:29:54 | 007,234,786 | ---- | M] () -- C:\Users\deco\Desktop\loathed.mp3
[2016/04/27 02:27:05 | 042,468,352 | ---- | M] () -- C:\Users\deco\Desktop\sewer.wav
[2016/04/27 01:12:12 | 033,670,268 | ---- | M] () -- C:\Users\deco\Desktop\proudofu.wav
[2016/04/27 00:38:45 | 038,405,120 | ---- | M] () -- C:\Users\deco\Desktop\NJ.wav
[2016/04/27 00:11:57 | 023,931,308 | ---- | M] () -- C:\Users\deco\Desktop\loathed.wav
[2016/04/24 22:24:05 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2016/04/24 22:21:48 | 000,002,168 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/04/24 22:14:17 | 000,047,672 | ---- | M] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtliteusbbus.sys
[2016/04/24 22:13:54 | 000,030,264 | ---- | M] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtlitescsibus.sys
[2016/04/24 22:13:53 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2016/04/24 12:09:32 | 004,920,128 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016/04/24 04:27:12 | 000,002,074 | ---- | M] () -- C:\Users\deco\Application Data\Microsoft\Internet Explorer\Quick Launch\Pro Tools 10.lnk
[2016/04/24 04:27:12 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Pro Tools 10.lnk
[2016/04/23 21:40:11 | 000,000,030 | ---- | M] () -- C:\Users\deco\AppData\Roaming\.pgbiasfx
[2016/04/23 19:09:06 | 000,000,016 | ---- | M] () -- C:\WINDOWS\SysWow64\w3data.vss
[2016/04/23 19:09:06 | 000,000,016 | ---- | M] () -- C:\WINDOWS\SysWow64\msvcsv60.dll
[2016/04/23 19:09:06 | 000,000,016 | ---- | M] () -- C:\Users\deco\AppData\Roaming\msregsvv.dll
[2016/04/23 19:09:06 | 000,000,016 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2016/04/23 19:09:06 | 000,000,016 | ---- | M] () -- C:\ProgramData\autobk.inc
[2016/04/17 21:57:39 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2016/04/15 13:17:05 | 013,363,814 | ---- | M] () -- C:\Users\deco\Desktop\IRS divida.rtf
[2016/04/13 13:35:24 | 019,607,285 | ---- | M] () -- C:\Users\deco\Desktop\ListaStock.xml
[2016/04/08 13:00:46 | 000,001,095 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2016/04/08 12:57:28 | 000,002,547 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2015.lnk
[2016/04/07 16:45:04 | 005,934,784 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
[2016/04/07 09:49:58 | 000,029,842 | ---- | M] () -- C:\License.rtf
[2016/04/06 15:32:08 | 000,829,944 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2016/04/06 15:32:08 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2016/04/02 01:13:14 | 000,369,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\audiodg.exe
[2016/04/02 01:10:46 | 000,730,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Shell.Broker.dll
[2016/04/02 01:10:39 | 000,374,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsAdminFlows.exe
[2016/04/02 01:10:25 | 000,770,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iuilp.dll
[2016/04/02 00:30:16 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VEStoreEventHandlers.dll
[2016/04/02 00:29:38 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VEDataLayerHelpers.dll
[2016/04/02 00:29:29 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VEDataLayerHelpers.dll
[2016/04/02 00:26:25 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhoneProviders.dll
[2016/04/02 00:25:58 | 000,239,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NotificationObjFactory.dll
[2016/04/02 00:25:42 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NotificationObjFactory.dll
[2016/04/02 00:23:44 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VEEventDispatcher.dll
[2016/04/02 00:23:05 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VEEventDispatcher.dll
[2016/04/02 00:21:17 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tileobjserver.dll
[2016/04/02 00:18:47 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SharedStartModel.dll
[2016/04/02 00:15:47 | 001,090,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXService.dll
[2016/04/02 00:14:35 | 003,994,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2016/04/02 00:09:17 | 001,832,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2016/04/02 00:07:41 | 002,158,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2016/04/02 00:07:22 | 003,575,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsThresholdAdminFlowUI.dll
[2016/04/02 00:03:52 | 004,774,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2016/04/02 00:00:39 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Shell.dll
[2016/03/29 13:27:16 | 000,001,421 | ---- | M] () -- C:\Users\deco\Desktop\CopyTrans Control Center.lnk
[2016/03/29 07:23:38 | 000,277,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys
[2016/03/29 07:22:12 | 001,030,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2016/03/29 07:22:12 | 000,874,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2016/03/29 07:20:20 | 007,474,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2016/03/29 07:20:19 | 001,317,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2016/03/29 07:20:19 | 001,141,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2016/03/29 07:20:17 | 002,656,952 | ---- | M] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2016/03/29 07:15:23 | 000,100,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\omadmapi.dll
[2016/03/29 07:11:32 | 000,686,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2016/03/29 07:02:09 | 000,989,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SecConfig.efi
[2016/03/29 07:02:02 | 000,334,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\policymanager.dll
[2016/03/29 06:56:37 | 001,297,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManager.dll
[2016/03/29 06:37:57 | 001,862,008 | ---- | M] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016/03/29 06:28:18 | 000,115,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupApi.dll
[2016/03/29 06:28:16 | 000,696,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupEngine.dll
[2016/03/29 06:25:23 | 000,058,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorsNativeApi.dll
[2016/03/29 06:25:13 | 000,258,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\ufx01000.sys
[2016/03/29 06:19:37 | 000,296,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\policymanager.dll
[2016/03/29 06:18:27 | 000,185,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys
[2016/03/29 06:17:08 | 000,300,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppHost.exe
[2016/03/29 06:13:11 | 000,986,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicenseManager.dll
[2016/03/29 06:11:27 | 000,074,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\easinvoker.exe
[2016/03/29 06:10:44 | 000,110,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srvcli.dll
[2016/03/29 06:09:54 | 000,078,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wkscli.dll
[2016/03/29 06:08:30 | 000,261,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LsaIso.exe
[2016/03/29 06:07:11 | 000,081,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netapi32.dll
[2016/03/29 05:44:53 | 000,502,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupEngine.dll
[2016/03/29 05:44:50 | 000,084,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupApi.dll
[2016/03/29 05:41:44 | 000,051,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SensorsNativeApi.dll
[2016/03/29 05:41:04 | 000,630,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2016/03/29 05:32:59 | 000,253,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppHost.exe
[2016/03/29 05:25:44 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wkscli.dll
[2016/03/29 05:21:40 | 000,378,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2016/03/29 05:17:11 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsCSP.dll
[2016/03/29 05:16:55 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\xinputhid.sys
[2016/03/29 05:07:26 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\policymanagerprecheck.dll
[2016/03/29 05:07:20 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2016/03/29 05:07:14 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorsNativeApi.V2.dll
[2016/03/29 05:07:14 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsdchngr.dll
[2016/03/29 05:07:09 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmenterprisediagnostics.dll
[2016/03/29 05:06:14 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleacchooks.dll
[2016/03/29 05:06:04 | 000,045,568 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2016/03/29 05:02:38 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontsub.dll
[2016/03/29 05:01:15 | 000,541,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2016/03/29 05:00:51 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveskybackup.dll
[2016/03/29 05:00:40 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mapsupdatetask.dll
[2016/03/29 05:00:23 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetCfgNotifyObjectHost.exe
[2016/03/29 04:59:20 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManagerShellext.exe
[2016/03/29 04:58:17 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wininetlui.dll
[2016/03/29 04:57:59 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samlib.dll
[2016/03/29 04:57:44 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browcli.dll
[2016/03/29 04:57:42 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2016/03/29 04:57:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MosStorage.dll
[2016/03/29 04:55:34 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tbauth.dll
[2016/03/29 04:55:24 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsBtSvc.dll
[2016/03/29 04:54:03 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mtxoci.dll
[2016/03/29 04:53:25 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FontProvider.dll
[2016/03/29 04:52:04 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBrokerCookies.exe
[2016/03/29 04:51:53 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafBth.dll
[2016/03/29 04:51:06 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tzautoupdate.dll
[2016/03/29 04:50:57 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxSysprep.dll
[2016/03/29 04:50:52 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BdeHdCfgLib.dll
[2016/03/29 04:50:25 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OnDemandConnRouteHelper.dll
[2016/03/29 04:50:15 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\moshost.dll
[2016/03/29 04:50:11 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuautoappupdate.dll
[2016/03/29 04:49:59 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browserbroker.dll
[2016/03/29 04:48:58 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Devices.dll
[2016/03/29 04:48:35 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppCapture.dll
[2016/03/29 04:46:30 | 000,365,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2016/03/29 04:44:19 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAFWSD.dll
[2016/03/29 04:42:37 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\moshostcore.dll
[2016/03/29 04:39:18 | 000,550,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StoreAgent.dll
[2016/03/29 04:38:23 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupSvc.dll
[2016/03/29 04:36:09 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2016/03/29 04:35:45 | 000,239,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\credprovhost.dll
[2016/03/29 04:35:40 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleacc.dll
[2016/03/29 04:34:50 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\portcls.sys
[2016/03/29 04:34:37 | 000,641,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2016/03/29 04:34:10 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieproxy.dll
[2016/03/29 04:33:46 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\easwrt.dll
[2016/03/29 04:32:57 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcastdvr.exe
[2016/03/29 04:32:35 | 000,764,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2016/03/29 04:30:14 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msorcl32.dll
[2016/03/29 04:28:42 | 000,460,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapConfiguration.dll
[2016/03/29 04:27:45 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorService.dll
[2016/03/29 04:26:12 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmmigrator.dll
[2016/03/29 04:23:59 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MessagingDataModel2.dll
[2016/03/29 04:23:41 | 000,694,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdiWiFi.sys
[2016/03/29 04:23:09 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXTaskFactory.dll
[2016/03/29 04:22:47 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AccountsRt.dll
[2016/03/29 04:21:39 | 000,330,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2016/03/29 04:20:34 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsdchngr.dll
[2016/03/29 04:20:33 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SensorsNativeApi.V2.dll
[2016/03/29 04:20:28 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AboveLockAppHost.dll
[2016/03/29 04:20:21 | 000,948,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XblAuthManager.dll
[2016/03/29 04:19:43 | 000,556,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PsmServiceExtHost.dll
[2016/03/29 04:19:39 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\oleacchooks.dll
[2016/03/29 04:19:30 | 000,037,376 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2016/03/29 04:17:55 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredProvDataModel.dll
[2016/03/29 04:17:29 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Web.Core.dll
[2016/03/29 04:17:04 | 001,056,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JpMapControl.dll
[2016/03/29 04:16:33 | 000,852,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsStore.dll
[2016/03/29 04:16:09 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontsub.dll
[2016/03/29 04:15:44 | 001,714,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
[2016/03/29 04:14:43 | 000,965,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2016/03/29 04:14:05 | 000,859,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2016/03/29 04:13:03 | 000,587,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2016/03/29 04:12:16 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupShim.dll
[2016/03/29 04:12:15 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wininetlui.dll
[2016/03/29 04:11:45 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\browcli.dll
[2016/03/29 04:11:44 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgent.exe
[2016/03/29 04:11:28 | 000,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Input.Inking.dll
[2016/03/29 04:11:27 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MosStorage.dll
[2016/03/29 04:11:23 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NMAA.dll
[2016/03/29 04:10:45 | 000,938,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapControlCore.dll
[2016/03/29 04:10:40 | 001,388,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2016/03/29 04:09:56 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tbauth.dll
[2016/03/29 04:09:47 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapsBtSvc.dll
[2016/03/29 04:09:12 | 001,239,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Bluetooth.dll
[2016/03/29 04:08:39 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxoci.dll
[2016/03/29 04:08:35 | 000,888,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll
[2016/03/29 04:08:32 | 000,841,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2016/03/29 04:06:55 | 001,575,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Speech.dll
[2016/03/29 04:06:55 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBrokerCookies.exe
[2016/03/29 04:06:54 | 000,848,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2016/03/29 04:05:30 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\OnDemandConnRouteHelper.dll
[2016/03/29 04:05:21 | 001,395,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2016/03/29 04:04:15 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Devices.dll
[2016/03/29 04:02:45 | 001,211,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Cred.dll
[2016/03/29 04:02:16 | 002,624,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InputService.dll
[2016/03/29 04:02:14 | 000,303,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2016/03/29 04:00:38 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.DeviceEncryptionHandlers.dll
[2016/03/29 04:00:11 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Core.TextInput.dll
[2016/03/29 04:00:08 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TextInputFramework.dll
[2016/03/29 04:00:05 | 000,235,008 | ---- | M] () -- C:\WINDOWS\SysNative\MTF.dll
[2016/03/29 03:59:56 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InputLocaleManager.dll
[2016/03/29 03:59:52 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveapibase.dll
[2016/03/29 03:59:10 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BitLockerDeviceEncryption.exe
[2016/03/29 03:56:21 | 000,415,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StoreAgent.dll
[2016/03/29 03:56:05 | 000,821,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBroker.dll
[2016/03/29 03:55:42 | 001,052,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MsSpellCheckingFacility.dll
[2016/03/29 03:53:32 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credprovhost.dll
[2016/03/29 03:52:16 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2016/03/29 03:52:01 | 000,141,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\easwrt.dll
[2016/03/29 03:49:56 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveui.dll
[2016/03/29 03:48:08 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapConfiguration.dll
[2016/03/29 03:44:25 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
[2016/03/29 03:43:29 | 000,358,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AccountsRt.dll
[2016/03/29 03:42:33 | 000,250,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2016/03/29 03:42:31 | 001,410,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Http.dll
[2016/03/29 03:42:28 | 003,592,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2016/03/29 03:41:39 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AboveLockAppHost.dll
[2016/03/29 03:40:56 | 000,787,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.dll
[2016/03/29 03:39:35 | 000,350,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredProvDataModel.dll
[2016/03/29 03:39:19 | 000,496,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
[2016/03/29 03:38:55 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JpMapControl.dll
[2016/03/29 03:37:45 | 001,444,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
[2016/03/29 03:37:09 | 000,799,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
[2016/03/29 03:36:48 | 003,351,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll
[2016/03/29 03:36:46 | 000,649,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2016/03/29 03:35:26 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupShim.dll
[2016/03/29 03:34:56 | 000,682,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.dll
[2016/03/29 03:34:54 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NMAA.dll
[2016/03/29 03:34:52 | 000,418,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmenrollengine.dll
[2016/03/29 03:34:33 | 000,711,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapControlCore.dll
[2016/03/29 03:32:57 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Bluetooth.dll
[2016/03/29 03:32:43 | 000,638,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2016/03/29 03:32:33 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmcsps.dll
[2016/03/29 03:32:31 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enrollmentapi.dll
[2016/03/29 03:32:26 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2016/03/29 03:32:15 | 001,098,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dosvc.dll
[2016/03/29 03:31:44 | 001,117,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll
[2016/03/29 03:31:23 | 000,705,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2016/03/29 03:31:02 | 001,946,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2016/03/29 03:30:31 | 001,139,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2016/03/29 03:29:41 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncController.dll
[2016/03/29 03:29:22 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\accountaccessor.dll
[2016/03/29 03:28:13 | 001,944,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputService.dll
[2016/03/29 03:28:10 | 000,764,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
[2016/03/29 03:27:21 | 007,979,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mos.dll
[2016/03/29 03:27:14 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
[2016/03/29 03:27:11 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TextInputFramework.dll
[2016/03/29 03:27:04 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputLocaleManager.dll
[2016/03/29 03:27:01 | 000,162,816 | ---- | M] () -- C:\WINDOWS\SysWow64\MTF.dll
[2016/03/29 03:23:37 | 000,777,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MsSpellCheckingFacility.dll
[2016/03/29 03:22:58 | 000,638,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBroker.dll
[2016/03/29 03:17:00 | 000,765,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveapi.dll
[2016/03/29 03:14:22 | 001,072,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll
[2016/03/29 03:13:06 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.dll
[2016/03/29 03:06:46 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2016/03/29 03:05:57 | 001,388,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2016/03/29 03:05:44 | 001,626,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2016/03/29 03:05:40 | 007,199,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BingMaps.dll
[2016/03/29 03:05:20 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SyncController.dll
[2016/03/29 03:04:35 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll
[2016/03/29 03:04:06 | 000,848,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samsrv.dll
[2016/03/29 03:01:28 | 013,018,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2016/03/29 03:00:50 | 006,297,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mos.dll
[2016/03/29 02:56:52 | 016,985,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2016/03/29 02:52:20 | 011,545,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2016/03/29 02:51:55 | 009,918,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2016/03/29 02:51:27 | 022,378,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2016/03/29 02:49:21 | 005,202,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BingMaps.dll
[2016/03/29 02:45:48 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncbservice.dll
[2016/03/29 02:45:43 | 003,078,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\esent.dll
[2016/03/29 02:43:27 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
[2016/03/29 02:43:22 | 003,428,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2016/03/29 02:38:54 | 002,798,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2016/03/29 02:38:50 | 018,673,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2016/03/29 02:36:49 | 002,722,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esent.dll
[2016/03/29 02:35:37 | 000,821,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fvewiz.dll
[2016/03/29 02:28:43 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fvecpl.dll
[2016/03/29 02:27:32 | 005,662,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2016/03/29 02:27:00 | 007,836,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2016/03/29 02:26:38 | 000,402,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FWPUCLNT.DLL
[2016/03/29 02:26:06 | 000,958,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RemoteNaturalLanguage.dll
[2016/03/29 02:25:30 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
[2016/03/29 02:25:01 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RemoteNaturalLanguage.dll
[2016/03/29 02:21:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\basesrv.dll
[6 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016/04/27 23:04:05 | 000,085,793 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20160427230305
[2016/04/27 22:53:45 | 000,008,459 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20160427225244
[2016/04/27 22:49:09 | 000,002,419 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20160427224809
[2016/04/27 22:35:52 | 000,009,673 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20160427223452
[2016/04/27 22:34:39 | 552,806,388 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2016/04/27 18:53:36 | 010,281,826 | ---- | C] () -- C:\Users\deco\Desktop\Proud Of You.mp3
[2016/04/27 18:52:00 | 068,013,430 | ---- | C] () -- C:\Users\deco\Desktop\Proud Of You.wav
[2016/04/27 11:27:22 | 000,002,183 | ---- | C] () -- C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2016/04/27 02:30:22 | 009,630,946 | ---- | C] () -- C:\Users\deco\Desktop\sewer.mp3
[2016/04/27 02:30:07 | 010,179,106 | ---- | C] () -- C:\Users\deco\Desktop\proudofu.mp3
[2016/04/27 02:29:55 | 008,709,346 | ---- | C] () -- C:\Users\deco\Desktop\NJ.mp3
[2016/04/27 02:29:44 | 007,234,786 | ---- | C] () -- C:\Users\deco\Desktop\loathed.mp3
[2016/04/27 02:22:55 | 042,468,352 | ---- | C] () -- C:\Users\deco\Desktop\sewer.wav
[2016/04/27 01:12:08 | 033,670,268 | ---- | C] () -- C:\Users\deco\Desktop\proudofu.wav
[2016/04/27 00:34:53 | 038,405,120 | ---- | C] () -- C:\Users\deco\Desktop\NJ.wav
[2016/04/27 00:11:54 | 023,931,308 | ---- | C] () -- C:\Users\deco\Desktop\loathed.wav
[2016/04/26 12:16:58 | 000,000,001 | ---- | C] () -- C:\WINDOWS\SysWow64\us.html
[2016/04/24 22:24:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/04/24 22:13:53 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2016/04/24 04:27:12 | 000,002,074 | ---- | C] () -- C:\Users\deco\Application Data\Microsoft\Internet Explorer\Quick Launch\Pro Tools 10.lnk
[2016/04/24 04:27:12 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Pro Tools 10.lnk
[2016/04/23 21:47:27 | 185,683,968 | ---- | C] () -- C:\Users\deco\Desktop\BIAS_FX_Windows64bit_v1_1_0_745.msi
[2016/04/23 21:40:11 | 000,000,030 | ---- | C] () -- C:\Users\deco\AppData\Roaming\.pgbiasfx
[2016/04/17 23:55:12 | 000,000,016 | ---- | C] () -- C:\WINDOWS\SysWow64\w3data.vss
[2016/04/17 23:55:12 | 000,000,016 | ---- | C] () -- C:\WINDOWS\SysWow64\msvcsv60.dll
[2016/04/17 23:55:12 | 000,000,016 | ---- | C] () -- C:\Users\deco\AppData\Roaming\msregsvv.dll
[2016/04/17 23:55:12 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2016/04/17 23:55:12 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2016/04/17 21:57:39 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2016/04/17 21:57:26 | 000,002,535 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2016/04/15 13:02:11 | 013,363,814 | ---- | C] () -- C:\Users\deco\Desktop\IRS divida.rtf
[2016/04/13 13:35:11 | 019,607,285 | ---- | C] () -- C:\Users\deco\Desktop\ListaStock.xml
[2016/04/13 11:07:43 | 001,862,008 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016/04/13 11:07:38 | 002,656,952 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2016/04/13 11:05:08 | 000,235,008 | ---- | C] () -- C:\WINDOWS\SysNative\MTF.dll
[2016/04/13 11:05:08 | 000,162,816 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2016/04/08 12:57:28 | 000,002,547 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2015.lnk
[2016/04/07 09:49:58 | 000,029,842 | ---- | C] () -- C:\License.rtf
[2016/03/29 13:27:16 | 000,001,421 | ---- | C] () -- C:\Users\deco\Desktop\CopyTrans Control Center.lnk
[2015/12/12 01:35:03 | 000,965,390 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015/12/12 01:27:40 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/10/30 04:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015/10/30 04:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015/10/30 04:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015/10/30 04:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015/10/30 04:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/10/30 04:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2015/10/30 04:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2015/10/30 04:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015/10/30 04:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015/10/30 04:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015/10/30 04:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015/10/30 04:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015/10/30 04:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015/10/30 04:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/03/22 14:54:16 | 000,000,033 | ---- | C] () -- C:\Users\deco\AppData\Roaming\AdobeWLCMCache.dat
[2014/11/20 13:54:12 | 000,000,132 | ---- | C] () -- C:\Users\deco\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2014/08/28 13:04:39 | 000,000,043 | ---- | C] () -- C:\Users\deco\AppData\Roaming\mbam.context.scan
[2014/08/02 18:23:02 | 000,000,086 | ---- | C] () -- C:\Users\deco\AppData\Roaming\WB.CFG
[2013/06/28 19:41:12 | 000,003,717 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2012/01/24 22:06:54 | 000,001,095 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/19 17:20:51 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{CB8DCE11-B253-4EDB-B0CC-A0787B08F204}
[2012/01/19 17:17:54 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{A0AE2BA0-BC64-4C82-85C5-75CA07927EC2}
[2012/01/19 17:15:56 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{94C3ECB7-004E-4BDD-8C96-A0480CED3308}
[2011/12/16 14:29:06 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{1B957172-A890-42A3-9248-7DEEDD3B6504}
[2011/12/16 14:27:09 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{A3F3D639-BB66-4436-9F6F-760226486CE7}
[2011/11/07 17:22:43 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{09CAB645-9211-464F-94C3-44802F73D6F4}
 
========== ZeroAccess Check ==========
 
[2011/11/17 03:41:18 | 000,000,000 | -HSD | M] -- C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48}\L
[2012/08/12 17:46:03 | 000,000,000 | -HSD | M] -- C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48}\U
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016/02/24 05:46:25 | 006,607,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/02/24 05:06:39 | 005,242,496 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 04:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 04:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 04:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 962 bytes -> C:\Program Files (x86)\Common Files\Microsoft Shared:aVlgSRdtWjZLuVWMBpaiZ
@Alternate Data Stream - 945 bytes -> C:\ProgramData\Microsoft:JC00IUg3n1Mx2poMMk
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1279 bytes -> C:\ProgramData\Microsoft:YSZUZXKIzleugtKMK
@Alternate Data Stream - 1073 bytes -> C:\ProgramData\Microsoft:INL1pHYdTghSiscdUO
@Alternate Data Stream - 1031 bytes -> C:\Users\deco\AppData\Local\fxTJ3wOFPpr5:hmVaetgd9kzvQ7J84ObD
@Alternate Data Stream - 1027 bytes -> C:\ProgramData\Microsoft:Ys9gXmQ3SrbipY4xA65epdF

< End of report >
 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2016-04-28 02:39:50
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003e WDC_WD10EARS-22Y5B1 rev.80.00A80 931.51GB
Running: gmer.exe; Driver: C:\Users\deco\AppData\Local\Temp\kwldapod.sys


---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [696:4020]   fffff960d2b84060
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [5684:5688]  0000000000a4e06c
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [5684:5752]  0000000000a33660
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [5684:5796]  0000000000a476d0
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [5684:4848]  0000000000a34240

---- EOF - GMER 2.1 ----


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, we no longer use OTL or Hijackthis as they are no longer updated

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
alternate

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts

Thanks Essexboy! Here we go:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by deco (2016-04-28 10:33:21)
Running from C:\Users\deco\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-12 05:00:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3406242734-3781281278-1370421689-500 - Administrator - Disabled)
deco (S-1-5-21-3406242734-3781281278-1370421689-1000 - Administrator - Enabled) => C:\Users\deco
DefaultAccount (S-1-5-21-3406242734-3781281278-1370421689-503 - Limited - Disabled)
Guest (S-1-5-21-3406242734-3781281278-1370421689-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3406242734-3781281278-1370421689-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.5 - Avid Technology, Inc.)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.5 - Avid Technology, Inc.)
BIAS FX Plugins Pack (64bit) (HKLM\...\{77558DEB-4B65-4921-8855-D8593EF5BCDD}) (Version: 1.1.0.745 - PositiveGrid)
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\CopyTrans Suite) (Version: 4.006 - WindSolutions)
Custom Shop version 1.5.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.5.0 - IK Multimedia)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Excel Image Assistant (HKLM-x32\...\Excel Image Assistant) (Version:  - )
FLV2PC v5.9.0 (HKLM-x32\...\FLV2PC_is1) (Version: 5.9.0 - )
Free Sound Recorder v10.7.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2015 FreeSoundRecorder Technologies, Inc.)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
License Support (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
M-Audio Fast Track 6.1.12 (x64) (HKLM\...\{102B819F-54FB-4CD3-8B48-B80C210D55BC}) (Version: 6.1.12 - M-Audio)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
MediaShow Espresso (x32 Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MKV Player 2.1 (HKLM-x32\...\MKV Player_is1) (Version:  - )
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ReWire (HKLM\...\{4481A621-E317-411C-8926-864AACDF509B}) (Version: 1.00.0000 - Waves)
Search Provided by Yahoo (HKLM-x32\...\YahooProvidedSearch) (Version:  - ) <==== ATTENTION
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SoulSeek 157 NS 13c (HKLM-x32\...\Soulseek2) (Version:  - )
Technitium MAC Address Changer v6.0.5 (HKLM-x32\...\TMACv6.0) (Version: 6.0.5 - Technitium)
The Desktop Weather 2.0 (HKLM\...\WeatherTool) (Version: 2.0.1.11073 - ShenZhen Enode Techology co,.Ltd) <==== ATTENTION
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax Business 2014 (HKLM-x32\...\TurboTax Business 2014) (Version: 2014.0 - Intuit, Inc)
Update for PriceFountain (HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\{301B9AD6-7631-5375-2237-33F8E3343557}) (Version:  - Update for PriceFountain) <==== ATTENTION
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Waves Central 1.1.0.22 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 1.1.0 - Waves, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0082CB07-1A3F-4A36-A5D5-9A68C4C14222} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {073DB72E-520B-476A-83CD-8D0EFBCCD693} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0990C8D9-EE91-48A8-A7EA-BC16B9F5E633} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {0AAA4631-90BD-4059-9953-D7789AD22A9F} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {0B882D45-82EB-4285-8153-8FEE43C7811E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {164E1DBC-B904-47FA-AC2C-828A2556423A} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\4112321BEB2F5A5D9E44C7359A2F9BD9\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ATTENTION
Task: {1731CFA9-44C9-4895-8951-191264F40C88} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {1E2C773E-1E8F-4220-B806-3AE93DAFBECF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1E90BD4A-9FD0-493C-9566-3AF6C05E52D9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {1EFE906B-4FE7-4140-A3B5-F86B6F64ADFE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {23B0C235-4701-4C8F-9601-0251DA8AD908} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {298C1599-D9DB-4C4A-BA02-088F48977A54} - System32\Tasks\WpsNotifyTask_sales in bloom => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: {2ACA76F7-0D5F-4C79-9BDE-4350D390B30D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2ADA7A2F-622C-4AFB-B1D9-B999209051D6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {2C330AAB-0AF9-40BE-A4C7-305394855199} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {365D86BC-5134-47B1-BB11-740B2110BFAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {37A5DD81-DA52-4D1C-91E5-5040D016AFD5} - System32\Tasks\{BA70839E-3DF2-4CE1-88F6-355ABC9E2756} => pcalua.exe -a C:\Users\deco\Downloads\OJJ3600_Basic_8.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {3A0226D3-6BFF-42D1-8E6A-0CADC40AF4AB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3AF2CE55-D5C8-4103-ABE3-CA221248000C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {3E323ED9-C944-476D-9C9F-11B8A91C5C04} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3F3BD157-DFAC-461B-91A5-817D0B419232} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {400BAD29-BE43-48EB-BB65-38B21C018A7D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4717237E-E6F3-41FB-96DD-AD0656BF1538} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4D2C42E0-76C9-4D97-87C3-D920C35BBFA4} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{8B3231ED-D2A4-4B42-9162-7E168A0B1C7E}.exe
Task: {4DC3C2C2-54DB-499D-A7E8-52D3D75F0DE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {546D9CA4-9967-4A2B-AA4E-0104016EA2AA} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{10935D2D-F1D7-48A2-9B6C-6222E25B23D2}.exe
Task: {566F65A2-1225-4932-9D23-7B8A8D203CFA} - System32\Tasks\WpsUpdateTask_sales in bloom => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe
Task: {597F4DE6-8398-4ACC-88E8-353729DE49E2} - System32\Tasks\decoSubmarineCensuredV2 => Rundll32.exe EquilibratingUnmoral.dll,main 7 1 <==== ATTENTION
Task: {5AD32A4A-8487-4178-A0FF-3EC87AAE9786} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5BFD6875-2F63-4111-B151-65A01AB933C7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {60883618-B40F-45E4-AC85-CCD4D3D71FAB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {675B0837-4E35-4CD2-AEC9-B86D968B94DC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {68147C55-59B1-4AD2-9D48-E11474E770B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6B941C49-48AD-4D32-8C29-A0767F055E6F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {72688EFD-3D9C-481B-B4B8-DFEAF567ED64} - System32\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557} => C:\Users\deco\AppData\Roaming\{301B9~1\PRICEF~1.EXE [2013-04-13] ()
Task: {76B35647-2001-4BFF-A915-7AB628E63652} - System32\Tasks\{94406A97-1D05-4EDC-9023-3A95ADF895DD} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {7DD20FCC-35E2-41B4-A1B2-7335B24152FD} - System32\Tasks\{6DCA8638-5A9B-4230-B5D3-17B29F43FB58} => pcalua.exe -a C:\Users\deco\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {819D4373-D2B8-48BA-ACA0-230CFB0116F5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8AB962DC-3BAB-410D-8136-A43F66D75638} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {8D181F06-1B71-487F-B064-8F759498D053} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {914C3094-B31E-47FA-8362-D0475A8A8A1B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {95867F60-D3A9-4BB0-8320-B76440C6D679} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {960C5D1A-E9A3-418B-A83E-6066467903A1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {9E9B0BD0-3B91-4034-A819-3C2BFA4E2DCF} - System32\Tasks\{943BE6FF-7BE5-4C88-ADD9-AD23289D0B5F} => pcalua.exe -a C:\Users\deco\Downloads\slsk157NS13c.exe -d C:\Users\deco\Downloads
Task: {9ED3F406-964D-4D6D-A9E2-408371E347D0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {A499A215-0EAB-4331-837B-56F6FDE3518D} - System32\Tasks\{F04144C3-83B0-4F3B-93EA-02F7C7EA719A} => pcalua.exe -a "C:\Users\deco\Documents\Adobe Photoshop CS3 BR(com plugins)\Adobe Photoshop CS3 BR + plugins.exe" -d "C:\Users\deco\Documents\Adobe Photoshop CS3 BR(com plugins)"
Task: {A50F7EBE-D3A5-4897-8633-A9D61D607766} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-24] ()
Task: {A9FEC67A-CF3A-486D-AAF0-C74F405BA1F8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {AD8635C9-BDDD-46EF-8707-68EB52587AFE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B1C22FF1-FA09-4B2C-BBE9-157DBF93F18B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B4874A9D-B4A4-42F6-A34C-CA78981C4576} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B552622A-A873-472B-9675-34F57C9197D8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {BF81E49F-1AC9-41F2-A733-AD1B97FF5CD3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {C2449A8A-385F-431A-AAA9-A12ADC7A50B3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {C34F894D-E9D4-4F23-97C7-4E4475613876} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C668E13F-07F9-410C-8A2F-019A59605A49} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C9D301B8-942B-4681-A996-3F574931999E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CE60488E-EFBF-4DB9-95E0-21B8F09855D5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {D8FC8D76-9CE2-4035-BE20-68A7814DD301} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {DCA58A7C-F574-4CF9-85CE-F164468A48EA} - System32\Tasks\{8780E631-761F-43D1-B7EE-72AD457648EC} => pcalua.exe -a "C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe" -d "C:\Program Files (x86)\ESET\ESET Online Scanner"
Task: {E278F4FE-3B4B-4B1B-BFF2-3666BAE67D3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E2C81D1E-43D3-4176-A7A0-8A98ECDE546A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {E2CA1C4E-194A-457B-AA75-B4559CE63A8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E944B168-1C2B-4D5F-9BA1-5CE3EC0E0035} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {EBA002FB-FB0E-406A-BF7E-CC3326E78CDA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ED4943D8-8203-4EBB-85AA-8187CEE1988A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F361E2B5-1C1C-44ED-AD56-6171645895E8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F41A8E78-A826-4E5F-907C-4B814D1BEC42} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {F5C3BFE4-0167-4668-838F-F067352FD9B3} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-11-20] () <==== ATTENTION
Task: {F8A9EA0E-7700-4C36-AEE7-F6464B3BC7DA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {FA46A383-0D24-4D24-A320-DB99E0A6F007} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {FE6C2BCF-F8B2-4494-AA07-8E0BD0C53ADA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{10935D2D-F1D7-48A2-9B6C-6222E25B23D2}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{8B3231ED-D2A4-4B42-9162-7E168A0B1C7E}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core.job => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA.job => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_sales in bloom.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_sales in bloom.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job => C:\Users\deco\AppData\Roaming\{301B9~1\PRICEF~1.EXE

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-06-01 15:49 - 2013-06-17 12:40 - 00035944 _____ () C:\Windows\system32\ddmon4-64x.dll
2015-11-20 09:57 - 2015-11-20 09:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 09:57 - 2015-11-20 09:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-26 18:59 - 2014-10-26 18:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-11-23 23:22 - 2015-11-23 23:22 - 00152008 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11073\WeatherService.exe
2014-10-30 01:41 - 2014-10-30 01:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 11:07 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-23 23:22 - 2015-11-23 23:22 - 01050056 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11073\WeatherEntryDll.dll
2016-04-13 11:07 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-23 11:16 - 2016-04-23 11:16 - 00959176 _____ () C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-09-15 09:58 - 2015-09-15 09:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-18 09:09 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 11:05 - 2016-04-02 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 11:06 - 2016-04-02 00:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 11:05 - 2016-04-01 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 11:06 - 2016-04-01 23:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 11:07 - 2016-04-02 00:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2010-08-04 09:40 - 2010-08-04 09:40 - 00611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-10-29 15:06 - 2014-10-29 15:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2016-04-19 18:59 - 2016-04-19 18:59 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-29 11:17 - 2016-03-29 11:18 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 11:17 - 2016-03-29 11:18 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-04 10:40 - 2016-03-04 10:41 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-21 09:37 - 2016-01-21 09:37 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 08:02 - 2015-12-15 08:02 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-10-30 01:41 - 2014-10-30 01:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 01:41 - 2014-10-30 01:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 01:41 - 2014-10-30 01:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2016-04-23 11:15 - 2016-04-23 11:15 - 00679624 _____ () C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2010-08-04 06:47 - 2010-08-04 06:47 - 00144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-10-29 15:01 - 2014-10-29 15:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2016-04-19 18:59 - 2016-04-19 18:59 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 18:59 - 2016-04-19 18:59 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Microsoft:INL1pHYdTghSiscdUO [2132]
AlternateDataStreams: C:\ProgramData\Microsoft:JC00IUg3n1Mx2poMMk [2254]
AlternateDataStreams: C:\ProgramData\Microsoft:Ys9gXmQ3SrbipY4xA65epdF [2056]
AlternateDataStreams: C:\ProgramData\Microsoft:YSZUZXKIzleugtKMK [639]
AlternateDataStreams: C:\Users\deco\Local Settings:2qTWSJ0QW6qXwQQW47MlLy [2398]
AlternateDataStreams: C:\Users\deco\Local Settings:5VfbgSCAXOk224D9qaxLT [2554]
AlternateDataStreams: C:\Users\deco\AppData\Local:2qTWSJ0QW6qXwQQW47MlLy [2398]
AlternateDataStreams: C:\Users\deco\AppData\Local:5VfbgSCAXOk224D9qaxLT [2554]
AlternateDataStreams: C:\Users\deco\AppData\Local\Application Data:2qTWSJ0QW6qXwQQW47MlLy [2398]
AlternateDataStreams: C:\Users\deco\AppData\Local\Application Data:5VfbgSCAXOk224D9qaxLT [2554]
AlternateDataStreams: C:\Users\deco\AppData\Local\fxTJ3wOFPpr5:hmVaetgd9kzvQ7J84ObD [2064]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 201.17.0.64 - 201.17.0.92
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "IAAnotif"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GoforFilesInstaller Starter"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudServices"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{6524771A-8D5D-4DFE-8890-89E80B697B07}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{333035C3-47AC-468E-9B34-F3F93279131F}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{24F34BBE-B9E6-4AA0-ABB5-83218659640F}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{FFD32ED0-94F9-4FE2-AFC6-D074C390837B}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [TCP Query User{8B882952-1FE3-4A5A-ADA2-7F113818DFFD}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{36F6E301-0EB6-47CF-8B45-D14D3925316B}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8CB0BA09-1E6C-4387-BE61-DE8B895C3F8B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FDE3F47F-12A1-40C2-9DDE-CA111EAD6226}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{83EC21CA-57BD-464F-B7F3-F704FF0C9684}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6D26D805-A69E-4F5C-9A79-1ED48DD3E7AF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7F37147D-813A-42BF-B9F9-9A5FF56AFC33}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{C176598F-A553-43F2-AFE3-8C9DA3C7B830}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{62AB4B90-7C98-4A77-998D-6B9EB22BD795}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{72CB84AB-6594-43CF-B1D9-2433089BC041}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D4B0B46E-D0B2-41F3-A2B5-791D02146DD4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{47B6A7A5-778C-4A80-A9CF-E78A0C662FCA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6FA2DB3B-7623-4D05-84AD-19A61ABBBA3E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4E42EE5D-9017-4445-BD46-9BF3B2B36C65}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D3DB5C8A-6530-47FA-99C4-25E31D2AAA0A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C65F13CF-EFFA-4E9E-B2FB-7D802931DB3C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6828F2C7-3DE4-4BC6-B55D-EC6018BB6298}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0A6D3005-62E5-46B6-BF48-92A713D3F00B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{5DD4D070-9151-4532-8A21-A5AD168D5D66}C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [UDP Query User{E4CAA90C-042A-434F-85F7-0D4B247647F3}C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [TCP Query User{8E1D36BE-6BFC-4DE6-8B25-53D688BD904D}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{E958F3CC-3AA0-4700-B7A6-4F7B91DF6C31}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{A202D653-AF53-40DC-B91B-46D03F38F385}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{36D3D8DC-6BC3-46BF-A5A4-99A5E29A1B2A}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [{8548DBCE-BD77-4E8D-954E-E6CD87277880}] => (Allow) C:\Program Files (x86)\Waves\MultiRack\MultiRack SoundGrid.exe
FirewallRules: [TCP Query User{30BA92D4-8F4F-4419-AB0C-1B768727551C}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [UDP Query User{DB372440-C8A3-43C8-B7CB-9180C01DCFF3}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [{AABEA036-0A8F-4F5B-AA37-18CFC48BA752}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [{2717205D-7214-462D-AC43-D26716E49765}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe
FirewallRules: [{4FE0F591-75ED-440A-B4F0-0792AC778378}] => (Allow) C:\ProgramData\vreXjvX\protect\protect.exe
FirewallRules: [{E2615F23-4283-4560-B2A4-65554172A0D8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4396C909-C46C-4196-8FD3-0C5D13FB1E3C}] => (Allow) C:\Users\deco\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{8AC9E093-7942-4219-92EA-EB970CB0A30E}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe
FirewallRules: [{464A0B04-244C-4A85-8BF1-23796C7E56DB}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe

==================== Restore Points =========================

20-04-2016 21:52:41 Installed Waves Central V1.0.3.3
23-04-2016 21:22:16 Removed Waves Central V1.0.3.3

==================== Faulty Device Manager Devices =============

Name: TAP-Win32 Adapter OAS #20
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2016 10:07:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xe0434352
Fault offset: 0x0000000000071f28
Faulting process id: 0x19dc
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5

Error: (04/28/2016 10:07:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)
   at ..(.)
   at ..()

Error: (04/28/2016 03:33:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ProTools.exe version 10.3.4.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 19d8

Start Time: 01d1a117a5ceac5f

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe

Report Id: 0958ae57-0d0b-11e6-8daa-f80f410f4e9f

Faulting package full name:

Faulting package-relative application ID:

Error: (04/28/2016 03:30:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ProTools.exe version 10.3.4.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1330

Start Time: 01d1a116ff1ab631

Termination Time: 31

Application Path: C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe

Report Id: a156ce05-0d0a-11e6-8daa-f80f410f4e9f

Faulting package full name:

Faulting package-relative application ID:

Error: (04/28/2016 03:21:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 17c0

Start Time: 01d1a1160265c44f

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: 7af4c2b4-0d09-11e6-8daa-f80f410f4e9f

Faulting package full name:

Faulting package-relative application ID:

Error: (04/28/2016 03:18:10 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (04/28/2016 03:12:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1350

Start Time: 01d1a114af72f4dc

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: 1ee5e48c-0d08-11e6-8daa-f80f410f4e9f

Faulting package full name:

Faulting package-relative application ID:

Error: (04/28/2016 03:09:47 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Modules,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "Modules,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line Modules,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Modules,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is Modules,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2016 03:07:58 AM) (Source: McLogEvent) (EventID: 5046) (User: NT AUTHORITY)
Description: The McShield scanning service cannot find any configuration in the registry

Error: (04/28/2016 03:05:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x914
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5


System errors:
=============
Error: (04/28/2016 10:07:09 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #20, {6A145DAC-C7ED-4657-86AC-6FFA6AE3CA35}, had event 76

Error: (04/28/2016 03:33:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_8a000 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/28/2016 03:26:17 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (04/28/2016 03:21:56 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (04/28/2016 03:21:56 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (04/28/2016 03:21:56 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (04/28/2016 03:21:56 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (04/28/2016 03:21:56 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (04/28/2016 03:21:56 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (04/28/2016 03:15:44 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #20, {5B096759-8202-43A4-9A64-8AC6D36E4FC4}, had event 76


CodeIntegrity:
===================================
  Date: 2016-04-28 10:21:12.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-27 19:19:31.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-27 19:19:31.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-27 19:19:29.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-27 19:19:29.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-26 12:26:05.356
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-26 12:26:05.196
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-26 12:26:05.037
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-26 12:26:04.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-26 12:26:04.717
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 43%
Total physical RAM: 4061.17 MB
Available physical RAM: 2287.94 MB
Total Virtual: 8157.17 MB
Available Virtual: 6042.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:911.88 GB) (Free:644.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FBC288CC)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by deco (administrator) on DECO-PC (28-04-2016 10:31:38)
Running from C:\Users\deco\Desktop
Loaded Profiles: deco (Available Profiles: deco & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(M-Audio) C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.11073\WeatherService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.11073\weather.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-11-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [Google Update] => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Windows\Downloaded Program Files\gbiehuni.dll No File [ ]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2016-04-28]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 201.17.0.64 201.17.0.92
Tcpip\..\Interfaces\{67e01175-984f-458a-99df-04aabdde5b6d}: [DhcpNameServer] 201.17.0.85 201.17.0.55
Tcpip\..\Interfaces\{bc9b8eca-8d3a-463c-a441-d44690c56727}: [DhcpNameServer] 201.17.0.64 201.17.0.92

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000 -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110902204322.dll [2010-01-05] (McAfee, Inc.)
BHO-x32: FLVBlaster.FLVBlasterIEAddon -> {807ca0aa-7cb3-4f03-bd61-076f618cc82d} -> C:\Windows\SysWOW64\mscoree.dll [2015-10-30] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Windows\Downloaded Program Files\gbiehuni.dll => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E37CB5F0-51F5-4395-A808-5FA49E399008} hxxps://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF DefaultSearchEngine: Search Provided by Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-11-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-10-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-11-07] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3406242734-3781281278-1370421689-1000: @emusic.com/eMusicPlugin DLM6 -> C:\Program Files (x86)\eMusic Download Manager 6\npEMusic602.dll [No File]
FF Plugin HKU\S-1-5-21-3406242734-3781281278-1370421689-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\deco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3406242734-3781281278-1370421689-1000: @talk.google.com/O1DPlugin -> C:\Users\deco\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3406242734-3781281278-1370421689-1000: @tools.google.com/Google Update;version=3 -> C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-3406242734-3781281278-1370421689-1000: @tools.google.com/Google Update;version=9 -> C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF user.js: detected! => C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\user.js [2015-01-24]
FF user.js: detected! => C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2015-01-24]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-11-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-11-07] (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\deco\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\deco\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\searchplugins\Search Provided by Yahoo.xml [2016-04-28]
FF SearchPlugin: C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\Search Provided by Yahoo.xml [2016-04-28]
FF Extension: SNT - C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\Extensions\[email protected] [2014-03-26] [not signed]
FF Extension: Video DownloadHelper - C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-03]
FF Extension: SNT - C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\[email protected] [2016-04-24] [not signed]
FF Extension: Video DownloadHelper - C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ncr
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-22]
CHR Extension: (Google Docs) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
CHR Extension: (Google Drive) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-12-15]
CHR Extension: (Google Sheets) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Grooveshark Downloader) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp [2015-04-22] [UpdateUrl: hxxp://groovesharkdownload.net/Download/updates.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R2 FastTrackAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe [1962768 2013-05-21] (M-Audio)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-02-04] (Freemake) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-01-05] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [244840 2010-01-05] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [148520 2010-01-05] (McAfee, Inc.)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-07] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11073\WeatherService.exe [152008 2015-11-23] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-28] (AVG Technologies)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62416 2010-01-05] (McAfee, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-04-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-04-24] (Disc Soft Ltd)
R3 MAUSBFASTTRACK; C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [460048 2013-05-21] (M-Audio)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121504 2010-01-05] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [189880 2010-01-05] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [440688 2010-01-05] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [528232 2010-01-05] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\system32\DRIVERS\mfenlfk.sys [75288 2010-01-05] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93840 2010-01-05] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [279752 2010-01-05] (McAfee, Inc.)
R1 MpKsl2a98f3f0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58ECE5B8-BB8B-45BB-9745-58D87213F87B}\MpKsl2a98f3f0.sys [44928 2016-04-28] (Microsoft Corporation)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R3 tapoas; C:\Windows\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 SoundGridMIDI; \SystemRoot\system32\drivers\SoundGridMidi.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 10:31 - 2016-04-28 10:32 - 00027564 _____ C:\Users\deco\Desktop\FRST.txt
2016-04-28 10:31 - 2016-04-28 10:31 - 00000000 ____D C:\FRST
2016-04-28 10:30 - 2016-04-28 10:31 - 02376704 _____ (Farbar) C:\Users\deco\Desktop\FRST64.exe
2016-04-28 10:01 - 2016-04-28 10:01 - 00038648 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428100031
2016-04-28 03:18 - 2016-04-28 03:20 - 00000000 ____D C:\Users\deco\AppData\Roaming\Free Sound Recorder
2016-04-28 03:18 - 2016-04-28 03:18 - 00001328 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Free Sound Recorder.lnk
2016-04-28 03:18 - 2016-04-28 03:18 - 00001304 _____ C:\Users\deco\Desktop\Free Sound Recorder.lnk
2016-04-28 03:18 - 2016-04-28 03:18 - 00000000 ____D C:\Users\deco\Documents\Free Sound Recorder
2016-04-28 03:18 - 2016-04-28 03:18 - 00000000 ____D C:\Users\deco\AppData\Roaming\New Version Available
2016-04-28 03:18 - 2016-04-28 03:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder
2016-04-28 03:18 - 2016-04-28 03:18 - 00000000 ____D C:\Program Files (x86)\Free Sound Recorder
2016-04-28 03:18 - 2005-05-18 11:52 - 01212416 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioInformation2.dll
2016-04-28 03:18 - 2005-05-17 12:37 - 01986560 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTAudioFile2.dll
2016-04-28 03:18 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioRecord2.dll
2016-04-28 03:18 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioPlayer2.dll
2016-04-28 03:18 - 2005-04-15 12:08 - 00880640 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioEditor2.dll
2016-04-28 03:18 - 2005-04-04 17:21 - 00602112 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioTransform2.dll
2016-04-28 03:18 - 2005-03-28 15:54 - 00479232 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioVisualization2.dll
2016-04-28 03:18 - 2005-03-28 15:52 - 00417792 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTTextToAudio2.dll
2016-04-28 03:18 - 2005-02-24 11:51 - 00348160 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTWMAFile2.dll
2016-04-28 03:18 - 2004-11-04 13:31 - 00835584 _____ (NCT) C:\WINDOWS\SysWOW64\NCTAudioCDGrabber2.dll
2016-04-28 03:18 - 2002-01-05 16:37 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr70.dll
2016-04-28 03:08 - 2016-04-28 10:01 - 00033833 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428030758
2016-04-28 02:57 - 2016-04-28 02:57 - 00000000 ____D C:\Users\deco\AppData\Roaming\{301B9AD6-7631-5375-2237-33F8E3343557}
2016-04-28 02:56 - 2016-04-28 03:07 - 00000286 _____ C:\WINDOWS\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job
2016-04-28 02:56 - 2016-04-28 03:00 - 00000000 ____D C:\Users\deco\AppData\Local\Chromium
2016-04-28 02:56 - 2016-04-28 02:57 - 00002826 _____ C:\WINDOWS\System32\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}
2016-04-28 02:56 - 2016-04-28 02:56 - 00003528 _____ C:\WINDOWS\System32\Tasks\decoSubmarineCensuredV2
2016-04-28 02:56 - 2016-04-28 02:56 - 00002551 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-04-28 02:55 - 2016-04-28 03:08 - 00000000 ____D C:\Users\deco\AppData\Roaming\WeatherTool
2016-04-28 02:55 - 2016-04-28 02:56 - 00000000 ____D C:\Users\deco\AppData\Local\{62E754BB-464F-3803-2BD7-1DEB0FBFE173}
2016-04-28 02:55 - 2016-04-28 02:55 - 12937690 _____ (Copyright© 2005-2015 FreeSoundRecorder Technologies, Inc. ) C:\Users\deco\Downloads\FreeSoundRecorder [1].exe
2016-04-28 02:55 - 2016-04-28 02:55 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-04-28 02:55 - 2016-04-28 02:55 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2016-04-28 02:54 - 2016-04-28 03:16 - 12937690 _____ (Copyright© 2005-2015 FreeSoundRecorder Technologies, Inc. ) C:\Users\deco\Downloads\FreeSoundRecorder.exe
2016-04-28 02:32 - 2016-04-28 02:32 - 00041094 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428023143
2016-04-28 02:31 - 2016-04-28 02:31 - 00324468 _____ C:\WINDOWS\Minidump\042816-36578-01.dmp
2016-04-28 02:26 - 2016-04-28 02:36 - 00000080 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-28 01:01 - 2016-04-28 01:01 - 00103900 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428010034
2016-04-28 00:29 - 2016-04-28 00:29 - 00987728 _____ (Google Inc.) C:\Users\deco\Downloads\ChromeSetup.exe
2016-04-28 00:26 - 2016-04-28 00:26 - 00330750 _____ C:\Users\deco\Desktop\OTL.Txt
2016-04-27 23:04 - 2016-04-28 01:01 - 00141369 _____ C:\WINDOWS\SysWOW64\rsslogs.20160427230305
2016-04-27 22:53 - 2016-04-27 22:53 - 00008459 _____ C:\WINDOWS\SysWOW64\rsslogs.20160427225244
2016-04-27 22:49 - 2016-04-27 22:49 - 00002419 _____ C:\WINDOWS\SysWOW64\rsslogs.20160427224809
2016-04-27 22:46 - 2016-04-27 22:47 - 00278316 _____ C:\WINDOWS\Minidump\042716-43156-01.dmp
2016-04-27 22:35 - 2016-04-27 22:35 - 00009673 _____ C:\WINDOWS\SysWOW64\rsslogs.20160427223452
2016-04-27 22:34 - 2016-04-28 02:31 - 690052084 _____ C:\WINDOWS\MEMORY.DMP
2016-04-27 22:34 - 2016-04-28 02:31 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-27 22:34 - 2016-04-27 22:35 - 00278348 _____ C:\WINDOWS\Minidump\042716-53218-01.dmp
2016-04-27 18:52 - 2016-04-27 17:19 - 68013430 _____ C:\Users\deco\Desktop\Proud Of You.wav
2016-04-27 11:27 - 2016-04-28 02:35 - 00002183 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-27 11:27 - 2016-04-28 00:07 - 00000000 ____D C:\Program Files (x86)\vreXjvX
2016-04-27 11:27 - 2016-04-27 11:27 - 00000007 _____ C:\WINDOWS\SysWOW64\tem68A2.tmp
2016-04-27 11:27 - 2016-04-27 11:27 - 00000000 ____D C:\Users\Public\Documents\vreXjvX
2016-04-27 11:27 - 2016-04-27 11:27 - 00000000 ____D C:\Users\deco\AppData\Local\vreXjvX
2016-04-27 02:29 - 2016-04-27 19:15 - 00000000 ___HD C:\Users\deco\Desktop\Freemake_do_not_remove_this_folder
2016-04-27 02:22 - 2016-04-27 02:27 - 42468352 _____ C:\Users\deco\Desktop\sewer.wav
2016-04-27 01:24 - 2016-04-27 01:24 - 00023771 _____ C:\Users\deco\Downloads\papyrus.pdf
2016-04-27 01:12 - 2016-04-27 01:12 - 33670268 _____ C:\Users\deco\Desktop\proudofu.wav
2016-04-27 00:34 - 2016-04-27 00:38 - 38405120 _____ C:\Users\deco\Desktop\NJ.wav
2016-04-27 00:11 - 2016-04-27 00:11 - 23931308 _____ C:\Users\deco\Desktop\loathed.wav
2016-04-26 12:18 - 2016-04-26 14:09 - 00000000 ____D C:\Users\deco\AppData\Roaming\eCyber
2016-04-26 12:18 - 2016-04-26 12:18 - 00000000 ____D C:\Users\deco\AppData\Roaming\WinZiper
2016-04-26 12:18 - 2016-04-26 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-04-26 12:16 - 2016-04-27 23:09 - 00000001 _____ C:\WINDOWS\SysWOW64\us.html
2016-04-26 12:16 - 2016-04-26 12:17 - 00009416 _____ C:\WINDOWS\System32\Tasks\Browser Updater Task(Core)
2016-04-26 12:15 - 2016-04-26 12:15 - 00006659 _____ C:\Users\deco\Downloads\PDFProcessor.pdf
2016-04-26 12:15 - 2016-04-26 12:15 - 00000000 ____D C:\Program Files (x86)\QQBrowser
2016-04-26 00:19 - 2016-04-26 00:19 - 00000000 ____D C:\Users\deco\Desktop\Copy of proud
2016-04-25 11:46 - 2016-04-27 12:15 - 00003574 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000
2016-04-25 11:46 - 2016-04-27 12:15 - 00003514 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000
2016-04-24 22:39 - 2016-04-24 22:39 - 00000000 ____D C:\Users\deco\AppData\Local\Native Instruments
2016-04-24 22:35 - 2016-04-24 22:35 - 00000000 ____D C:\Users\deco\AppData\Local\Disc_Soft_Ltd
2016-04-24 22:33 - 2016-04-24 22:39 - 00000000 ____D C:\Users\deco\Documents\Native Instruments
2016-04-24 22:31 - 2016-04-24 22:31 - 00000000 __HDC C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}
2016-04-24 22:27 - 2016-04-24 22:27 - 00000000 __HDC C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
2016-04-24 22:25 - 2016-04-24 22:25 - 00000000 __HDC C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}
2016-04-24 22:25 - 2016-04-24 22:25 - 00000000 __HDC C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
2016-04-24 22:24 - 2016-04-24 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2016-04-24 22:24 - 2016-04-24 22:28 - 00000000 ____D C:\Program Files\Native Instruments
2016-04-24 22:24 - 2016-04-24 22:28 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2016-04-24 22:24 - 2016-04-24 22:25 - 00000000 ____D C:\ProgramData\Native Instruments
2016-04-24 22:24 - 2016-04-24 22:24 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-24 22:24 - 2016-04-24 22:24 - 00000000 __HDC C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}
2016-04-24 22:19 - 2016-04-24 22:19 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-04-24 22:14 - 2016-04-24 22:15 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-24 22:14 - 2016-04-24 22:14 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2016-04-24 22:13 - 2016-04-28 02:36 - 00001856 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-04-24 22:13 - 2016-04-24 22:23 - 00000000 ____D C:\Users\deco\AppData\Roaming\DAEMON Tools Lite
2016-04-24 22:13 - 2016-04-24 22:14 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-04-24 22:13 - 2016-04-24 22:13 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2016-04-24 22:13 - 2016-04-24 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-04-24 22:13 - 2016-04-24 22:13 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-04-24 21:45 - 2016-04-24 21:45 - 00692072 _____ (Disc Soft Ltd.) C:\Users\deco\Downloads\DTLiteInstaller.exe
2016-04-24 11:51 - 2016-04-24 11:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Leader Technologies
2016-04-24 11:51 - 2016-04-24 11:51 - 00000000 ____D C:\Users\deco\AppData\Roaming\Leadertech
2016-04-24 04:27 - 2016-04-28 02:36 - 00002044 _____ C:\Users\Public\Desktop\Pro Tools 10.lnk
2016-04-24 04:27 - 2016-04-24 04:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2016-04-24 04:25 - 2016-04-24 04:25 - 00000000 ____D C:\Program Files (x86)\Avid
2016-04-24 04:16 - 2013-08-05 22:02 - 00000000 ____D C:\Users\deco\Downloads\Pro_Tools_10.3.5_Win
2016-04-24 04:16 - 2013-08-05 21:42 - 00000000 ____D C:\Users\deco\Downloads\Patches
2016-04-23 21:56 - 2016-04-23 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves Central
2016-04-23 21:48 - 2016-04-23 21:48 - 00000000 ____D C:\Program Files\Common Files\PositiveGrid
2016-04-23 21:47 - 2015-09-16 00:00 - 185683968 _____ C:\Users\deco\Desktop\BIAS_FX_Windows64bit_v1_1_0_745.msi
2016-04-23 21:40 - 2016-04-23 21:40 - 00000030 _____ C:\Users\deco\AppData\Roaming\.pgbiasfx
2016-04-23 21:40 - 2016-04-23 21:40 - 00000000 ____D C:\Users\deco\AppData\Roaming\BIAS_FX
2016-04-23 16:17 - 2016-04-23 16:18 - 00000000 ____D C:\Users\deco\Desktop\proud
2016-04-23 13:39 - 2016-04-23 13:42 - 00000000 ____D C:\Users\deco\Downloads\Native.Instruments.Guitar.Rig.5.Pro.STANDALONE.VST.RTAS.v5.0.2.x86.x64-ASSiGN(Murlok)
2016-04-22 19:46 - 2016-04-22 19:46 - 00000000 ____D C:\Users\deco\AppData\Local\M-Audio
2016-04-22 19:46 - 2016-04-22 19:46 - 00000000 ____D C:\ProgramData\M-Audio
2016-04-22 19:40 - 2016-04-22 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2016-04-22 19:40 - 2016-04-22 19:40 - 00000000 ____D C:\ProgramData\AVID
2016-04-22 19:40 - 2016-04-22 19:40 - 00000000 ____D C:\Program Files\M-Audio
2016-04-22 19:40 - 2016-04-22 19:40 - 00000000 ____D C:\Program Files (x86)\M-Audio
2016-04-22 19:40 - 2013-05-21 14:35 - 18735888 _____ (M-Audio) C:\Users\deco\Downloads\Install_M-Audio_Fast_Track_6.1.12.exe
2016-04-21 23:50 - 2016-04-22 00:13 - 00000000 ____D C:\Users\deco\Desktop\split reaction
2016-04-21 22:40 - 2016-04-24 22:34 - 00000000 ____D C:\Users\deco\Desktop\plugins
2016-04-21 22:09 - 2016-04-21 22:09 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-21 21:48 - 2016-04-21 21:48 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-04-21 21:21 - 2016-04-23 22:35 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-04-21 21:21 - 2016-04-21 21:22 - 00000000 ___SD C:\Program Files (x86)\Waves
2016-04-21 19:46 - 2016-04-19 12:58 - 00000000 ____D C:\Users\deco\Downloads\Waves.Complete.v9.6_2016.04.13_OffLine.WiN
2016-04-20 22:16 - 2016-04-20 22:16 - 00000000 ____D C:\Users\deco\AppData\Roaming\IK Multimedia
2016-04-20 21:54 - 2016-04-23 23:24 - 00000000 ___SD C:\ProgramData\Waves Audio
2016-04-20 21:54 - 2016-04-21 22:08 - 00000000 ___SD C:\Users\deco\AppData\Roaming\Waves Audio
2016-04-20 21:54 - 2016-04-21 21:09 - 00000000 ____D C:\Users\deco\AppData\Local\Waves Audio
2016-04-20 21:53 - 2016-04-21 21:22 - 00000000 ___SD C:\Users\Public\Waves Audio
2016-04-20 21:52 - 2016-04-23 21:56 - 00000000 ____D C:\Program Files (x86)\Waves Central
2016-04-20 21:30 - 2016-04-18 01:10 - 00000000 ____D C:\Users\deco\Downloads\Waves.Patch-VR
2016-04-20 20:50 - 2016-04-20 21:00 - 00000000 ____D C:\Users\deco\Downloads\Waves Complete v9.6 2016.04.13 AAX RTAS VST VST3 WiN
2016-04-18 21:20 - 2016-04-18 21:20 - 00125835 _____ C:\Users\deco\Downloads\esperando.la.carroza.spanish.srt
2016-04-18 21:19 - 2016-04-18 21:19 - 00102438 _____ C:\Users\deco\Downloads\Secret.in.Their.Eyes.2015.720p.BluRay.x264-DRONES.srt
2016-04-18 21:12 - 2016-04-18 21:12 - 00000000 ____D C:\Users\deco\Downloads\Esperando.la.Carroza.DVDRip.Xvid.Spanish.Latino.[www.LatinoDivx.com]
2016-04-18 21:09 - 2016-04-18 21:28 - 00000000 ____D C:\Users\deco\Downloads\The.Secret.In.Their.Eyes.2009.720p.BluRay.x264-x0r
2016-04-17 23:55 - 2016-04-23 19:09 - 00000016 _____ C:\WINDOWS\SysWOW64\w3data.vss
2016-04-17 23:55 - 2016-04-23 19:09 - 00000016 _____ C:\WINDOWS\SysWOW64\msvcsv60.dll
2016-04-17 23:55 - 2016-04-23 19:09 - 00000016 _____ C:\WINDOWS\msocreg32.dat
2016-04-17 23:55 - 2016-04-23 19:09 - 00000016 _____ C:\Users\deco\AppData\Roaming\msregsvv.dll
2016-04-17 23:55 - 2016-04-23 19:09 - 00000016 _____ C:\ProgramData\autobk.inc
2016-04-17 23:52 - 2016-04-23 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2016-04-17 23:51 - 2016-04-24 22:29 - 00000000 ____D C:\Program Files (x86)\VstPlugIns
2016-04-17 23:51 - 2016-04-23 21:19 - 00000000 ____D C:\Program Files (x86)\IK Multimedia
2016-04-17 23:51 - 2016-04-17 23:53 - 00000000 ____D C:\Users\deco\Documents\IK Multimedia
2016-04-17 22:50 - 2016-04-17 22:50 - 00000000 ____D C:\Users\deco\Documents\BIAS
2016-04-17 22:36 - 2016-04-23 22:35 - 00000000 ____D C:\Program Files\VSTPlugins
2016-04-17 22:36 - 2016-04-17 22:36 - 00000000 ____D C:\Program Files\Common Files\Avid
2016-04-17 22:17 - 2016-04-17 22:30 - 00000000 ____D C:\Users\deco\Downloads\Positive Grid BIAS FX v1.1.0.745-R2R [oddsox]
2016-04-17 21:57 - 2016-04-28 02:36 - 00001912 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-04-17 21:57 - 2016-04-28 02:35 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-17 21:57 - 2016-04-17 21:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-04-17 21:57 - 2016-04-17 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-17 21:49 - 2016-04-17 21:56 - 41896256 _____ (Apple Inc.) C:\Users\deco\Downloads\QuickTimeInstaller.exe
2016-04-17 21:35 - 2016-04-17 21:43 - 00000000 ____D C:\Users\deco\Documents\untitled
2016-04-17 21:31 - 2016-04-23 21:20 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2016-04-17 21:31 - 2016-04-17 21:31 - 00462174 _____ C:\Users\deco\Downloads\ASIO4ALL_2_13_English.exe
2016-04-17 20:56 - 2016-04-17 20:56 - 00000000 ____D C:\Users\deco\AppData\Roaming\Trillium Lane
2016-04-17 20:54 - 2016-04-17 20:54 - 00000000 ____D C:\Users\deco\AppData\Roaming\PACE Anti-Piracy
2016-04-17 20:54 - 2016-04-17 20:54 - 00000000 ____D C:\Users\deco\AppData\Local\PACE Anti-Piracy
2016-04-17 20:54 - 2016-04-17 20:54 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2016-04-17 20:15 - 2016-04-28 03:31 - 00000000 ____D C:\Users\deco\AvidLogFiles
2016-04-17 20:03 - 2016-04-17 21:32 - 00000000 ____D C:\Users\deco\AppData\Roaming\Avid
2016-04-17 19:27 - 2016-04-17 19:27 - 00000000 ____D C:\ProgramData\PACE
2016-04-17 18:32 - 2016-04-17 18:35 - 00000000 ____D C:\Users\deco\Downloads\Avid.Pro.Tools.v10.3.5.HD.Incl.Patch.v2.WiN.x32.x64-TEAMVR
2016-04-16 12:01 - 2016-04-16 12:01 - 00134821 _____ C:\Users\deco\Downloads\e00042482.pdf
2016-04-14 10:12 - 2016-04-14 10:12 - 01201740 _____ C:\Users\deco\Downloads\Contrato humaita .pdf
2016-04-13 22:00 - 2016-04-13 22:00 - 00070063 _____ C:\Users\deco\Desktop\productos nao lancados grut.xlsx
2016-04-13 20:24 - 2016-04-13 20:24 - 07729152 _____ C:\Users\deco\Desktop\grut13-4.xls
2016-04-13 16:42 - 2016-04-13 16:42 - 00241426 _____ C:\Users\deco\Desktop\2019083385016904.txt
2016-04-13 15:18 - 2016-04-13 15:18 - 33518592 _____ C:\Users\deco\Desktop\catalogodream416.xls
2016-04-13 13:35 - 2016-04-13 13:35 - 19607285 _____ C:\Users\deco\Desktop\ListaStock.xml
2016-04-13 11:07 - 2016-04-02 00:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 11:07 - 2016-03-29 07:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 11:07 - 2016-03-29 07:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 11:07 - 2016-03-29 07:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 11:07 - 2016-03-29 06:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 11:07 - 2016-03-29 05:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 11:07 - 2016-03-29 05:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 11:07 - 2016-03-29 05:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 11:07 - 2016-03-29 05:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 11:07 - 2016-03-29 04:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 11:07 - 2016-03-29 04:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 11:07 - 2016-03-29 04:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 11:07 - 2016-03-29 04:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 11:07 - 2016-03-29 04:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 11:07 - 2016-03-29 04:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 11:07 - 2016-03-29 04:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 11:07 - 2016-03-29 04:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 11:07 - 2016-03-29 04:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 11:07 - 2016-03-29 04:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 11:07 - 2016-03-29 04:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 11:07 - 2016-03-29 04:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 11:07 - 2016-03-29 04:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 11:07 - 2016-03-29 04:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 11:07 - 2016-03-29 03:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 11:07 - 2016-03-29 03:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 11:07 - 2016-03-29 03:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 11:07 - 2016-03-29 03:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 11:07 - 2016-03-29 03:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 11:07 - 2016-03-29 03:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 11:07 - 2016-03-29 03:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 11:07 - 2016-03-29 03:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 11:07 - 2016-03-29 03:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 11:07 - 2016-03-29 03:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 11:07 - 2016-03-29 03:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 11:07 - 2016-03-29 03:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 11:07 - 2016-03-29 03:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 11:07 - 2016-03-29 02:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 11:07 - 2016-03-29 02:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 11:07 - 2016-03-29 02:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 11:07 - 2016-03-29 02:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 11:07 - 2016-03-29 02:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 11:07 - 2016-03-29 02:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 11:07 - 2016-03-29 02:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 11:07 - 2016-03-29 02:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 11:07 - 2016-03-29 02:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 11:07 - 2016-03-29 02:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 11:07 - 2016-03-29 02:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 11:06 - 2016-04-02 01:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 11:06 - 2016-04-02 01:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 11:06 - 2016-04-02 00:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 11:06 - 2016-04-02 00:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 11:06 - 2016-04-02 00:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 11:06 - 2016-04-02 00:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 11:06 - 2016-04-02 00:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 11:06 - 2016-04-02 00:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 11:06 - 2016-04-02 00:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 11:06 - 2016-04-02 00:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 11:06 - 2016-04-02 00:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 11:06 - 2016-03-29 07:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 11:06 - 2016-03-29 07:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 11:06 - 2016-03-29 07:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 11:06 - 2016-03-29 07:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 11:06 - 2016-03-29 07:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 11:06 - 2016-03-29 06:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 11:06 - 2016-03-29 06:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 11:06 - 2016-03-29 06:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 11:06 - 2016-03-29 06:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 11:06 - 2016-03-29 06:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 11:06 - 2016-03-29 06:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 11:06 - 2016-03-29 06:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 11:06 - 2016-03-29 05:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 11:06 - 2016-03-29 05:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 11:06 - 2016-03-29 05:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 11:06 - 2016-03-29 05:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 11:06 - 2016-03-29 05:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 11:06 - 2016-03-29 04:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 11:06 - 2016-03-29 04:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 11:06 - 2016-03-29 04:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 11:06 - 2016-03-29 04:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 11:06 - 2016-03-29 04:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 11:06 - 2016-03-29 04:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 11:06 - 2016-03-29 04:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 11:06 - 2016-03-29 04:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 11:06 - 2016-03-29 04:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 11:06 - 2016-03-29 04:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 11:06 - 2016-03-29 04:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 11:06 - 2016-03-29 04:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 11:06 - 2016-03-29 04:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 11:06 - 2016-03-29 04:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 11:06 - 2016-03-29 04:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 11:06 - 2016-03-29 04:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 11:06 - 2016-03-29 04:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 11:06 - 2016-03-29 04:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 11:06 - 2016-03-29 04:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 11:06 - 2016-03-29 04:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 11:06 - 2016-03-29 04:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 11:06 - 2016-03-29 04:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 11:06 - 2016-03-29 04:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 11:06 - 2016-03-29 04:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 11:06 - 2016-03-29 04:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 11:06 - 2016-03-29 04:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 11:06 - 2016-03-29 04:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 11:06 - 2016-03-29 04:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 11:06 - 2016-03-29 04:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 11:06 - 2016-03-29 04:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 11:06 - 2016-03-29 03:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 11:06 - 2016-03-29 03:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 11:06 - 2016-03-29 03:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 11:06 - 2016-03-29 03:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 11:06 - 2016-03-29 03:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 11:06 - 2016-03-29 03:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 11:06 - 2016-03-29 03:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 11:06 - 2016-03-29 03:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 11:06 - 2016-03-29 03:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 11:06 - 2016-03-29 03:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 11:06 - 2016-03-29 03:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 11:06 - 2016-03-29 03:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 11:06 - 2016-03-29 03:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 11:06 - 2016-03-29 03:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 11:06 - 2016-03-29 03:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 11:06 - 2016-03-29 03:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 11:06 - 2016-03-29 03:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 11:06 - 2016-03-29 03:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 11:06 - 2016-03-29 03:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 11:06 - 2016-03-29 03:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 11:06 - 2016-03-29 03:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 11:06 - 2016-03-29 03:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 11:06 - 2016-03-29 03:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 11:06 - 2016-03-29 03:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 11:06 - 2016-03-29 03:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 11:06 - 2016-03-29 03:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 11:06 - 2016-03-29 03:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 11:06 - 2016-03-29 03:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 11:06 - 2016-03-29 03:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 11:06 - 2016-03-29 03:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 11:06 - 2016-03-29 03:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 11:06 - 2016-03-29 03:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 11:06 - 2016-03-29 03:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 11:06 - 2016-03-29 03:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 11:06 - 2016-03-29 02:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 11:06 - 2016-03-29 02:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 11:06 - 2016-03-29 02:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 11:06 - 2016-03-29 02:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 11:06 - 2016-03-29 02:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 11:06 - 2016-03-29 02:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 11:06 - 2016-03-29 02:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 11:06 - 2016-03-29 02:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 11:05 - 2016-04-02 01:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 11:05 - 2016-04-02 01:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 11:05 - 2016-04-02 00:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 11:05 - 2016-04-02 00:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 11:05 - 2016-04-02 00:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 11:05 - 2016-04-02 00:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 11:05 - 2016-04-02 00:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 11:05 - 2016-04-02 00:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 11:05 - 2016-04-02 00:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 11:05 - 2016-04-02 00:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 11:05 - 2016-04-02 00:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 11:05 - 2016-03-29 07:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 11:05 - 2016-03-29 07:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 11:05 - 2016-03-29 07:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 11:05 - 2016-03-29 07:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 11:05 - 2016-03-29 07:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 11:05 - 2016-03-29 06:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 11:05 - 2016-03-29 06:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 11:05 - 2016-03-29 06:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 11:05 - 2016-03-29 06:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 11:05 - 2016-03-29 06:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 11:05 - 2016-03-29 06:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 11:05 - 2016-03-29 06:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 11:05 - 2016-03-29 06:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 11:05 - 2016-03-29 06:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 11:05 - 2016-03-29 06:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 11:05 - 2016-03-29 05:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 11:05 - 2016-03-29 05:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 11:05 - 2016-03-29 05:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 11:05 - 2016-03-29 05:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 11:05 - 2016-03-29 05:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 11:05 - 2016-03-29 05:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 11:05 - 2016-03-29 05:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 11:05 - 2016-03-29 05:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 11:05 - 2016-03-29 05:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 11:05 - 2016-03-29 05:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 11:05 - 2016-03-29 05:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 11:05 - 2016-03-29 05:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 11:05 - 2016-03-29 05:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 11:05 - 2016-03-29 05:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 11:05 - 2016-03-29 05:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 11:05 - 2016-03-29 05:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 11:05 - 2016-03-29 05:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 11:05 - 2016-03-29 04:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 11:05 - 2016-03-29 04:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 11:05 - 2016-03-29 04:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 11:05 - 2016-03-29 04:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 11:05 - 2016-03-29 04:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 11:05 - 2016-03-29 04:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 11:05 - 2016-03-29 04:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 11:05 - 2016-03-29 04:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 11:05 - 2016-03-29 04:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 11:05 - 2016-03-29 04:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 11:05 - 2016-03-29 04:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 11:05 - 2016-03-29 04:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 11:05 - 2016-03-29 04:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 11:05 - 2016-03-29 04:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 11:05 - 2016-03-29 04:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 11:05 - 2016-03-29 04:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 11:05 - 2016-03-29 04:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 11:05 - 2016-03-29 04:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 11:05 - 2016-03-29 04:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 11:05 - 2016-03-29 04:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 11:05 - 2016-03-29 04:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 11:05 - 2016-03-29 04:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 11:05 - 2016-03-29 04:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 11:05 - 2016-03-29 04:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 11:05 - 2016-03-29 04:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 11:05 - 2016-03-29 04:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 11:05 - 2016-03-29 04:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 11:05 - 2016-03-29 04:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 11:05 - 2016-03-29 04:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 11:05 - 2016-03-29 04:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 11:05 - 2016-03-29 04:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 11:05 - 2016-03-29 04:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 11:05 - 2016-03-29 04:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 11:05 - 2016-03-29 04:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 11:05 - 2016-03-29 04:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 11:05 - 2016-03-29 04:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 11:05 - 2016-03-29 04:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 11:05 - 2016-03-29 04:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 11:05 - 2016-03-29 04:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 11:05 - 2016-03-29 04:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 11:05 - 2016-03-29 04:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 11:05 - 2016-03-29 04:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 11:05 - 2016-03-29 04:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 11:05 - 2016-03-29 04:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 11:05 - 2016-03-29 04:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 11:05 - 2016-03-29 04:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 11:05 - 2016-03-29 04:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 11:05 - 2016-03-29 04:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 11:05 - 2016-03-29 04:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 11:05 - 2016-03-29 04:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 11:05 - 2016-03-29 04:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 11:05 - 2016-03-29 04:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 11:05 - 2016-03-29 04:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 11:05 - 2016-03-29 04:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 11:05 - 2016-03-29 04:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 11:05 - 2016-03-29 04:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 11:05 - 2016-03-29 04:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 11:05 - 2016-03-29 04:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 11:05 - 2016-03-29 03:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 11:05 - 2016-03-29 03:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 11:05 - 2016-03-29 03:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 11:05 - 2016-03-29 03:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 11:05 - 2016-03-29 03:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 11:05 - 2016-03-29 03:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 11:05 - 2016-03-29 03:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 11:05 - 2016-03-29 03:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 11:05 - 2016-03-29 03:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 11:05 - 2016-03-29 03:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 11:05 - 2016-03-29 03:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 11:05 - 2016-03-29 03:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 11:05 - 2016-03-29 03:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 11:05 - 2016-03-29 03:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 11:05 - 2016-03-29 03:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 11:05 - 2016-03-29 03:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 11:05 - 2016-03-29 03:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 11:05 - 2016-03-29 03:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 11:05 - 2016-03-29 03:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 11:05 - 2016-03-29 03:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 11:05 - 2016-03-29 03:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 11:05 - 2016-03-29 03:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 11:05 - 2016-03-29 03:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 11:05 - 2016-03-29 03:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 11:05 - 2016-03-29 03:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 11:05 - 2016-03-29 03:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 11:05 - 2016-03-29 03:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 11:05 - 2016-03-29 03:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 11:05 - 2016-03-29 03:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 11:05 - 2016-03-29 02:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 11:05 - 2016-03-29 02:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 11:05 - 2016-03-29 02:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 11:05 - 2016-03-29 02:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 11:05 - 2016-03-29 02:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 11:05 - 2016-03-29 02:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 11:05 - 2016-03-29 02:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 11:05 - 2016-03-29 02:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-08 13:29 - 2016-04-13 13:11 - 00000000 ____D C:\Users\deco\Desktop\2015 statements
2016-04-08 12:57 - 2016-04-28 02:35 - 00002547 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-04-08 12:57 - 2016-04-08 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-04-07 16:45 - 2016-04-07 16:45 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-04-04 14:16 - 2016-04-04 14:16 - 00115712 _____ C:\Users\deco\Downloads\Nip Joints - Planejamento Orcamentario e Cronograma .xls
2016-04-04 13:53 - 2016-04-06 21:12 - 00000000 ____D C:\Users\deco\Desktop\Bounces
2016-04-04 13:00 - 2016-04-04 13:00 - 01474912 _____ (MegaCloud Limited) C:\Users\deco\Downloads\MegaCloud_Setup.exe
2016-04-04 13:00 - 2016-04-04 13:00 - 00000000 ____D C:\ProgramData\Web Installer
2016-04-03 16:29 - 2016-04-03 16:29 - 00000000 ____D C:\Users\deco\Downloads\TurboTax Home & Business 2015
2016-03-29 13:43 - 2016-03-29 13:43 - 00000000 ____D C:\Program Files\iTunes
2016-03-29 13:34 - 2016-03-29 13:34 - 06079975 _____ C:\Users\deco\Downloads\CopyTransDriversInstallerv2.036.zip
2016-03-29 13:34 - 2016-01-20 10:08 - 06362264 _____ (WindSolutions) C:\Users\deco\Desktop\CopyTransDriversInstaller.exe
2016-03-29 13:27 - 2016-04-28 02:34 - 00001431 _____ C:\Users\deco\Desktop\CopyTrans Control Center.lnk
2016-03-29 13:27 - 2016-03-29 13:27 - 00000000 ____D C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2016-03-29 13:26 - 2016-03-29 13:50 - 00000000 ____D C:\ProgramData\WindSolutions
2016-03-29 13:26 - 2016-03-29 13:43 - 00000000 ____D C:\Users\deco\AppData\Roaming\WindSolutions
2016-03-29 13:26 - 2016-03-29 13:26 - 06786720 _____ (WindSolutions) C:\Users\deco\Downloads\Install_CopyTransControlCenter.exe
2016-03-29 12:37 - 2016-03-29 13:38 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 10:05 - 2014-08-02 16:23 - 00004276 _____ C:\WINDOWS\System32\Tasks\Software Updater
2016-04-28 10:02 - 2011-10-25 15:18 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-28 10:01 - 2013-06-07 16:34 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-04-28 10:01 - 2013-06-03 12:32 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-04-28 03:27 - 2011-08-07 14:17 - 00000000 ____D C:\Users\deco\AppData\Roaming\vlc
2016-04-28 03:26 - 2012-10-12 13:08 - 00000000 ____D C:\Users\deco\AppData\Roaming\Audacity
2016-04-28 03:25 - 2016-02-08 20:59 - 00000000 ____D C:\Users\deco\Desktop\New folder
2016-04-28 03:18 - 2015-10-29 20:02 - 00003800 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-04-28 03:07 - 2015-12-12 01:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-28 03:06 - 2015-10-30 03:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-28 03:05 - 2015-12-12 01:35 - 00000000 ____D C:\Users\deco
2016-04-28 03:03 - 2014-02-06 19:46 - 00001421 _____ C:\WINDOWS\wininit.ini
2016-04-28 03:01 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-28 02:40 - 2014-02-23 15:34 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2016-04-28 02:38 - 2013-09-04 17:11 - 00000000 ____D C:\Users\deco\Desktop\Virus Tools
2016-04-28 02:37 - 2016-01-07 18:34 - 00000000 ____D C:\Users\deco\Documents\Sound recordings
2016-04-28 02:36 - 2015-12-02 14:21 - 00001268 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2016-04-28 02:36 - 2015-11-05 08:59 - 00002122 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-04-28 02:36 - 2014-11-07 09:08 - 00001224 _____ C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2016-04-28 02:36 - 2014-08-13 18:25 - 00002003 _____ C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
2016-04-28 02:36 - 2014-04-08 11:33 - 00001148 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2016-04-28 02:36 - 2014-02-07 11:22 - 00001282 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2016-04-28 02:36 - 2013-12-06 18:55 - 00000941 _____ C:\Users\Public\Desktop\FLV2PC.lnk
2016-04-28 02:36 - 2013-11-17 15:52 - 00001936 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-04-28 02:36 - 2012-10-03 22:52 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-28 02:36 - 2011-09-28 14:31 - 00002162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-28 02:36 - 2011-09-03 18:03 - 00000864 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-28 02:35 - 2015-12-12 01:44 - 00001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-28 02:35 - 2015-11-05 08:59 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-28 02:35 - 2015-11-04 12:37 - 00002405 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-28 02:35 - 2015-11-04 10:42 - 00001055 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-04-28 02:35 - 2015-10-23 09:02 - 00002517 _____ C:\Users\Public\Desktop\TurboTax Business 2014.lnk
2016-04-28 02:35 - 2015-09-30 06:23 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-28 02:35 - 2014-11-07 21:20 - 00000961 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-04-28 02:35 - 2014-08-13 14:38 - 00000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-28 02:35 - 2014-06-22 19:03 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TMAC v6.lnk
2016-04-28 02:35 - 2014-06-22 19:03 - 00001164 _____ C:\Users\Public\Desktop\TMAC v6.lnk
2016-04-28 02:35 - 2013-12-07 13:23 - 00002198 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-28 02:35 - 2013-10-20 15:46 - 00000833 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-04-28 02:35 - 2012-12-26 11:59 - 00001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2016-04-28 02:35 - 2012-10-12 13:08 - 00000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-04-28 02:35 - 2011-09-28 14:31 - 00002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-28 02:35 - 2011-09-04 05:58 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-28 02:35 - 2007-10-10 19:40 - 00001338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-04-28 02:35 - 2007-10-10 19:40 - 00001269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-04-28 02:35 - 2007-10-10 19:39 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-04-28 02:35 - 2007-10-10 19:39 - 00001422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-04-28 02:34 - 2014-02-12 22:21 - 00001155 _____ C:\Users\deco\Desktop\Downloads - Shortcut.lnk
2016-04-28 02:34 - 2013-10-20 15:46 - 00000853 _____ C:\Users\deco\Desktop\µTorrent.lnk
2016-04-28 02:34 - 2013-01-29 11:09 - 00001913 _____ C:\Users\deco\Desktop\Skype.lnk
2016-04-28 02:34 - 2013-01-25 19:36 - 00000999 _____ C:\Users\deco\Desktop\MKV Player.lnk
2016-04-28 02:34 - 2012-10-12 13:08 - 00000975 _____ C:\Users\deco\Desktop\Audacity.lnk
2016-04-28 02:30 - 2014-08-28 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-28 01:45 - 2012-07-22 14:27 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-28 01:40 - 2011-10-25 15:18 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-28 01:39 - 2014-07-29 15:14 - 00000392 _____ C:\WINDOWS\Tasks\WpsUpdateTask_sales in bloom.job
2016-04-28 01:39 - 2014-07-29 15:14 - 00000392 _____ C:\WINDOWS\Tasks\WpsNotifyTask_sales in bloom.job
2016-04-28 01:35 - 2012-07-21 12:52 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA.job
2016-04-27 23:35 - 2012-07-21 12:52 - 00000868 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core.job
2016-04-27 23:25 - 2014-08-28 13:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-27 23:23 - 2014-08-28 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-27 20:14 - 2014-02-07 10:26 - 00001750 _____ C:\sc-cleaner.txt
2016-04-27 19:23 - 2015-12-12 01:35 - 01008216 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-27 13:03 - 2011-08-03 14:49 - 00000000 ____D C:\Users\deco\AppData\Local\VirtualStore
2016-04-27 11:06 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-27 11:06 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-27 01:36 - 2016-01-24 15:12 - 00000000 ___HD C:\Users\deco\AppData\Local\fxTJ3wOFPpr5
2016-04-26 13:10 - 2015-11-19 22:38 - 00000000 ____D C:\Program Files (x86)\Excel Image Assistant
2016-04-26 13:10 - 2014-03-25 12:49 - 00000000 ____D C:\Users\deco\AppData\Local\Packages
2016-04-26 12:56 - 2014-11-25 13:45 - 00000000 ____D C:\Users\deco\Documents\Outlook Files
2016-04-25 10:16 - 2012-08-19 01:32 - 00000000 ____D C:\Users\deco\AppData\Roaming\Skype
2016-04-24 22:24 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-24 22:24 - 2009-07-14 00:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-24 12:09 - 2015-12-12 01:26 - 04920128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-23 22:36 - 2014-07-29 15:22 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-23 21:56 - 2010-08-28 02:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-23 16:13 - 2012-07-20 18:38 - 00000000 ____D C:\Users\deco\AppData\Roaming\uTorrent
2016-04-23 11:16 - 2015-11-04 12:37 - 00000000 ___RD C:\Users\deco\OneDrive
2016-04-22 19:43 - 2015-04-04 23:32 - 00000000 ___HD C:\Users\deco\AppData\Local\WrbYKNg8QKQgNR
2016-04-22 04:57 - 2011-09-05 00:30 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 22:21 - 2011-11-24 22:20 - 00000000 ____D C:\Users\deco\AppData\Local\ElevatedDiagnostics
2016-04-17 21:57 - 2011-09-02 00:43 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-17 21:57 - 2011-09-02 00:43 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-17 20:25 - 2014-11-07 21:22 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-04-17 20:25 - 2011-08-03 14:48 - 00000000 ____D C:\Users\deco\AppData\Roaming\Adobe
2016-04-16 10:27 - 2011-08-03 14:48 - 00000000 ____D C:\Users\deco\AppData\Local\Adobe
2016-04-14 18:24 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-14 09:50 - 2014-09-24 15:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-14 09:47 - 2009-07-13 23:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-04-13 22:05 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-13 22:05 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-13 22:05 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-13 22:05 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 21:59 - 2015-10-23 09:04 - 00000000 ____D C:\Users\deco\Desktop\amazon
2016-04-13 14:50 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 14:47 - 2013-08-19 01:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 14:33 - 2011-10-26 19:55 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 14:09 - 2014-07-29 15:40 - 00000000 ____D C:\Program Files\Nitro
2016-04-13 13:11 - 2015-11-17 12:37 - 00000044 _____ C:\Users\deco\Desktop\card.txt
2016-04-12 14:46 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-08 13:16 - 2012-01-24 22:07 - 00000000 ____D C:\Users\deco\AppData\Roaming\Intuit
2016-04-08 13:00 - 2012-01-24 22:06 - 00001095 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-04-08 12:57 - 2012-01-24 22:05 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-04-06 15:32 - 2015-10-30 04:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 15:32 - 2015-10-30 04:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-29 13:43 - 2012-07-21 03:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-29 13:41 - 2012-07-21 03:51 - 00000000 ____D C:\ProgramData\Apple
2016-03-29 13:38 - 2011-09-02 00:44 - 00000000 ____D C:\Program Files\iPod
2016-03-29 13:38 - 2011-09-02 00:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-29 13:38 - 2011-09-02 00:43 - 00000000 ____D C:\Program Files (x86)\Bonjour

==================== Files in the root of some directories =======

2013-06-28 19:41 - 2013-07-30 00:17 - 0003717 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2016-04-23 21:40 - 2016-04-23 21:40 - 0000030 _____ () C:\Users\deco\AppData\Roaming\.pgbiasfx
2014-11-20 13:54 - 2014-11-20 13:54 - 0000132 _____ () C:\Users\deco\AppData\Roaming\Adobe GIF Format CS5 Prefs
2015-03-22 14:54 - 2015-05-22 13:04 - 0000033 _____ () C:\Users\deco\AppData\Roaming\AdobeWLCMCache.dat
2014-08-28 13:04 - 2014-08-28 13:06 - 0000043 _____ () C:\Users\deco\AppData\Roaming\mbam.context.scan
2016-04-17 23:55 - 2016-04-23 19:09 - 0000016 _____ () C:\Users\deco\AppData\Roaming\msregsvv.dll
2014-08-02 18:23 - 2014-08-28 18:07 - 0000086 _____ () C:\Users\deco\AppData\Roaming\WB.CFG
2011-11-07 17:22 - 2011-11-07 17:22 - 0000000 _____ () C:\Users\deco\AppData\Local\{09CAB645-9211-464F-94C3-44802F73D6F4}
2011-12-16 14:29 - 2011-12-16 14:29 - 0000000 _____ () C:\Users\deco\AppData\Local\{1B957172-A890-42A3-9248-7DEEDD3B6504}
2012-01-19 17:15 - 2012-01-19 17:15 - 0000000 _____ () C:\Users\deco\AppData\Local\{94C3ECB7-004E-4BDD-8C96-A0480CED3308}
2012-01-19 17:17 - 2012-01-19 17:17 - 0000000 _____ () C:\Users\deco\AppData\Local\{A0AE2BA0-BC64-4C82-85C5-75CA07927EC2}
2011-12-16 14:27 - 2011-12-16 14:27 - 0000000 _____ () C:\Users\deco\AppData\Local\{A3F3D639-BB66-4436-9F6F-760226486CE7}
2012-01-19 17:20 - 2012-01-19 17:20 - 0000000 _____ () C:\Users\deco\AppData\Local\{CB8DCE11-B253-4EDB-B0CC-A0787B08F204}
2007-10-10 19:34 - 2007-10-10 19:37 - 0015438 _____ () C:\ProgramData\ArcadeDeluxe4.log
2016-04-17 23:55 - 2016-04-23 19:09 - 0000016 _____ () C:\ProgramData\autobk.inc
2014-08-04 20:33 - 2016-01-24 19:37 - 0000705 _____ () C:\ProgramData\currentlist.txt
2011-09-03 15:21 - 2011-09-03 18:33 - 0000646 _____ () C:\ProgramData\hpzinstall.log
2012-01-24 22:06 - 2016-04-08 13:00 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2011-09-03 18:03 - 2011-09-03 18:04 - 0000090 _____ () C:\ProgramData\PS.log

ZeroAccess:
C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48}

Files to move or delete:
====================
C:\Windows\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job


Some files in TEMP:
====================
C:\Users\deco\AppData\Local\Temp\EquilibratingUnmoral.dll
C:\Users\deco\AppData\Local\Temp\ICReinstall_FreeSoundRecorder.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-25 09:48

==================== End of FRST.txt ============================


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know what problems remain after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Windows\Downloaded Program Files\gbiehuni.dll No File [ ]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000 -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Windows\Downloaded Program Files\gbiehuni.dll => No File
FF DefaultSearchEngine: Search Provided by Yahoo
FF user.js: detected! => C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\user.js [2015-01-24]
FF user.js: detected! => C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2015-01-24]
FF SearchPlugin: C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\searchplugins\Search Provided by Yahoo.xml [2016-04-28]
FF SearchPlugin: C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\Search Provided by Yahoo.xml [2016-04-28]
CHR Extension: (Grooveshark Downloader) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp [2015-04-22] [UpdateUrl: hxxp://groovesharkdownload.net/Download/updates.xml] <==== ATTENTION
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11073\WeatherService.exe [152008 2015-11-23] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-28] (AVG Technologies)
2016-04-28 02:57 - 2016-04-28 02:57 - 00000000 ____D C:\Users\deco\AppData\Roaming\{301B9AD6-7631-5375-2237-33F8E3343557}
2016-04-28 02:56 - 2016-04-28 03:07 - 00000286 _____ C:\WINDOWS\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job
2016-04-28 02:56 - 2016-04-28 03:00 - 00000000 ____D C:\Users\deco\AppData\Local\Chromium
2016-04-28 02:56 - 2016-04-28 02:57 - 00002826 _____ C:\WINDOWS\System32\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}
2016-04-28 02:56 - 2016-04-28 02:56 - 00003528 _____ C:\WINDOWS\System32\Tasks\decoSubmarineCensuredV2
2016-04-28 02:55 - 2016-04-28 03:08 - 00000000 ____D C:\Users\deco\AppData\Roaming\WeatherTool
2016-04-28 02:55 - 2016-04-28 02:56 - 00000000 ____D C:\Users\deco\AppData\Local\{62E754BB-464F-3803-2BD7-1DEB0FBFE173}
2016-04-27 11:27 - 2016-04-28 00:07 - 00000000 ____D C:\Program Files (x86)\vreXjvX
2016-04-27 11:27 - 2016-04-27 11:27 - 00000007 _____ C:\WINDOWS\SysWOW64\tem68A2.tmp
2016-04-27 11:27 - 2016-04-27 11:27 - 00000000 ____D C:\Users\Public\Documents\vreXjvX
2016-04-27 11:27 - 2016-04-27 11:27 - 00000000 ____D C:\Users\deco\AppData\Local\vreXjvX
2016-04-26 12:18 - 2016-04-26 12:18 - 00000000 ____D C:\Users\deco\AppData\Roaming\WinZiper
2016-04-26 12:18 - 2016-04-26 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-04-26 12:16 - 2016-04-26 12:17 - 00009416 _____ C:\WINDOWS\System32\Tasks\Browser Updater Task(Core)
2016-04-26 12:15 - 2016-04-26 12:15 - 00000000 ____D C:\Program Files (x86)\QQBrowser
2016-04-24 22:31 - 2016-04-24 22:31 - 00000000 __HDC C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}
2016-04-24 22:27 - 2016-04-24 22:27 - 00000000 __HDC C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
2016-04-24 22:25 - 2016-04-24 22:25 - 00000000 __HDC C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}
2016-04-24 22:25 - 2016-04-24 22:25 - 00000000 __HDC C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
2016-04-24 22:24 - 2016-04-24 22:24 - 00000000 __HDC C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}
2016-04-21 22:09 - 2016-04-21 22:09 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-29 12:37 - 2016-03-29 13:38 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-04-28 10:05 - 2014-08-02 16:23 - 00004276 _____ C:\WINDOWS\System32\Tasks\Software Updater
2016-04-22 19:43 - 2015-04-04 23:32 - 00000000 ___HD C:\Users\deco\AppData\Local\WrbYKNg8QKQgNR
2013-06-28 19:41 - 2013-07-30 00:17 - 0003717 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2016-04-23 21:40 - 2016-04-23 21:40 - 0000030 _____ () C:\Users\deco\AppData\Roaming\.pgbiasfx
2011-11-07 17:22 - 2011-11-07 17:22 - 0000000 _____ () C:\Users\deco\AppData\Local\{09CAB645-9211-464F-94C3-44802F73D6F4}
2011-12-16 14:29 - 2011-12-16 14:29 - 0000000 _____ () C:\Users\deco\AppData\Local\{1B957172-A890-42A3-9248-7DEEDD3B6504}
2012-01-19 17:15 - 2012-01-19 17:15 - 0000000 _____ () C:\Users\deco\AppData\Local\{94C3ECB7-004E-4BDD-8C96-A0480CED3308}
2012-01-19 17:17 - 2012-01-19 17:17 - 0000000 _____ () C:\Users\deco\AppData\Local\{A0AE2BA0-BC64-4C82-85C5-75CA07927EC2}
2011-12-16 14:27 - 2011-12-16 14:27 - 0000000 _____ () C:\Users\deco\AppData\Local\{A3F3D639-BB66-4436-9F6F-760226486CE7}
2012-01-19 17:20 - 2012-01-19 17:20 - 0000000 _____ () C:\Users\deco\AppData\Local\{CB8DCE11-B253-4EDB-B0CC-A0787B08F204}
Task: {0082CB07-1A3F-4A36-A5D5-9A68C4C14222} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {164E1DBC-B904-47FA-AC2C-828A2556423A} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\4112321BEB2F5A5D9E44C7359A2F9BD9\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ATTENTION
Task: {2C330AAB-0AF9-40BE-A4C7-305394855199} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3A0226D3-6BFF-42D1-8E6A-0CADC40AF4AB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4D2C42E0-76C9-4D97-87C3-D920C35BBFA4} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{8B3231ED-D2A4-4B42-9162-7E168A0B1C7E}.exe
Task: {546D9CA4-9967-4A2B-AA4E-0104016EA2AA} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{10935D2D-F1D7-48A2-9B6C-6222E25B23D2}.exe
Task: {597F4DE6-8398-4ACC-88E8-353729DE49E2} - System32\Tasks\decoSubmarineCensuredV2 => Rundll32.exe EquilibratingUnmoral.dll,main 7 1 <==== ATTENTION
Task: {5BFD6875-2F63-4111-B151-65A01AB933C7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {60883618-B40F-45E4-AC85-CCD4D3D71FAB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {72688EFD-3D9C-481B-B4B8-DFEAF567ED64} - System32\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557} => C:\Users\deco\AppData\Roaming\{301B9~1\PRICEF~1.EXE [2013-04-13] ()
Task: {7DD20FCC-35E2-41B4-A1B2-7335B24152FD} - System32\Tasks\{6DCA8638-5A9B-4230-B5D3-17B29F43FB58} => pcalua.exe -a C:\Users\deco\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ATTENTION
Task: {914C3094-B31E-47FA-8362-D0475A8A8A1B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9E9B0BD0-3B91-4034-A819-3C2BFA4E2DCF} - System32\Tasks\{943BE6FF-7BE5-4C88-ADD9-AD23289D0B5F} => pcalua.exe -a C:\Users\deco\Downloads\slsk157NS13c.exe -d C:\Users\deco\Downloads
Task: {C34F894D-E9D4-4F23-97C7-4E4475613876} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C668E13F-07F9-410C-8A2F-019A59605A49} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C9D301B8-942B-4681-A996-3F574931999E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E2CA1C4E-194A-457B-AA75-B4559CE63A8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EBA002FB-FB0E-406A-BF7E-CC3326E78CDA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F41A8E78-A826-4E5F-907C-4B814D1BEC42} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {F5C3BFE4-0167-4668-838F-F067352FD9B3} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-11-20] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{10935D2D-F1D7-48A2-9B6C-6222E25B23D2}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{8B3231ED-D2A4-4B42-9162-7E168A0B1C7E}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job => C:\Users\deco\AppData\Roaming\{301B9~1\PRICEF~1.EXE
AlternateDataStreams: C:\ProgramData\Microsoft:INL1pHYdTghSiscdUO [2132]
AlternateDataStreams: C:\ProgramData\Microsoft:JC00IUg3n1Mx2poMMk [2254]
AlternateDataStreams: C:\ProgramData\Microsoft:Ys9gXmQ3SrbipY4xA65epdF [2056]
AlternateDataStreams: C:\ProgramData\Microsoft:YSZUZXKIzleugtKMK [639]
AlternateDataStreams: C:\Users\deco\Local Settings:2qTWSJ0QW6qXwQQW47MlLy [2398]
AlternateDataStreams: C:\Users\deco\Local Settings:5VfbgSCAXOk224D9qaxLT [2554]
AlternateDataStreams: C:\Users\deco\AppData\Local:2qTWSJ0QW6qXwQQW47MlLy [2398]
AlternateDataStreams: C:\Users\deco\AppData\Local:5VfbgSCAXOk224D9qaxLT [2554]
AlternateDataStreams: C:\Users\deco\AppData\Local\Application Data:2qTWSJ0QW6qXwQQW47MlLy [2398]
AlternateDataStreams: C:\Users\deco\AppData\Local\Application Data:5VfbgSCAXOk224D9qaxLT [2554]
AlternateDataStreams: C:\Users\deco\AppData\Local\fxTJ3wOFPpr5:hmVaetgd9kzvQ7J84ObD [2064]
C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48}
C:\Program Files (x86)\QQBrowser
C:\Users\deco\AppData\Roaming\omiga-plus
C:\Users\deco\Downloads\slsk157NS13c.exe
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\SoftwareUpdater
C:\Program Files (x86)\WeatherTool
C:\Windows\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job
C:\Users\deco\AppData\Local\Temp\EquilibratingUnmoral.dll
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#5
alternate

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
Hi, here's my fixlog: but it looks like my windows defender is blocking the installation of the ADWcleaner thinking is a virus. Had to disable real time protection on defender and ran the adwcleaner from my downloads folder cos it was disappearing from my desktop when I had it dragged onto my desktop. Computer froze after adwcleaner finished the scan and clean. HAd to manually restart the computer. Start up time is very very slow on reboot.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by deco (2016-04-28 12:07:08) Run:1
Running from C:\Users\deco\Desktop
Loaded Profiles: deco (Available Profiles: deco & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Windows\Downloaded Program Files\gbiehuni.dll No File [ ]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000 -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtD0FyE0Ezy0F0DyCtAtAtN0D0Tzu0StCyDyBzytN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0ByE0F0AtC0DtGyCzyzy0BtGyD0FzztCtGtCzy0D0BtGtBtDzy0EyByBtD0DyD0DtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FtB0AtDzytC0BtGzyyEyB0EtGyE0EtAyEtG0AtAyC0FtG0AzztAyByBtA0BtByCyDtAyE2QtN0A0LzutB%26cr%3D1432101080%26a%3Dwbf_freaudedtr_16_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Windows\Downloaded Program Files\gbiehuni.dll => No File
FF DefaultSearchEngine: Search Provided by Yahoo
FF user.js: detected! => C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\user.js [2015-01-24]
FF user.js: detected! => C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2015-01-24]
FF SearchPlugin: C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\searchplugins\Search Provided by Yahoo.xml [2016-04-28]
FF SearchPlugin: C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\Search Provided by Yahoo.xml [2016-04-28]
CHR Extension: (Grooveshark Downloader) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp [2015-04-22] [UpdateUrl: hxxp://groovesharkdownload.net/Download/updates.xml] <==== ATTENTION
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11073\WeatherService.exe [152008 2015-11-23] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-28] (AVG Technologies)
2016-04-28 02:57 - 2016-04-28 02:57 - 00000000 ____D C:\Users\deco\AppData\Roaming\{301B9AD6-7631-5375-2237-33F8E3343557}
2016-04-28 02:56 - 2016-04-28 03:07 - 00000286 _____ C:\WINDOWS\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job
2016-04-28 02:56 - 2016-04-28 03:00 - 00000000 ____D C:\Users\deco\AppData\Local\Chromium
2016-04-28 02:56 - 2016-04-28 02:57 - 00002826 _____ C:\WINDOWS\System32\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}
2016-04-28 02:56 - 2016-04-28 02:56 - 00003528 _____ C:\WINDOWS\System32\Tasks\decoSubmarineCensuredV2
2016-04-28 02:55 - 2016-04-28 03:08 - 00000000 ____D C:\Users\deco\AppData\Roaming\WeatherTool
2016-04-28 02:55 - 2016-04-28 02:56 - 00000000 ____D C:\Users\deco\AppData\Local\{62E754BB-464F-3803-2BD7-1DEB0FBFE173}
2016-04-27 11:27 - 2016-04-28 00:07 - 00000000 ____D C:\Program Files (x86)\vreXjvX
2016-04-27 11:27 - 2016-04-27 11:27 - 00000007 _____ C:\WINDOWS\SysWOW64\tem68A2.tmp
2016-04-27 11:27 - 2016-04-27 11:27 - 00000000 ____D C:\Users\Public\Documents\vreXjvX
2016-04-27 11:27 - 2016-04-27 11:27 - 00000000 ____D C:\Users\deco\AppData\Local\vreXjvX
2016-04-26 12:18 - 2016-04-26 12:18 - 00000000 ____D C:\Users\deco\AppData\Roaming\WinZiper
2016-04-26 12:18 - 2016-04-26 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-04-26 12:16 - 2016-04-26 12:17 - 00009416 _____ C:\WINDOWS\System32\Tasks\Browser Updater Task(Core)
2016-04-26 12:15 - 2016-04-26 12:15 - 00000000 ____D C:\Program Files (x86)\QQBrowser
2016-04-24 22:31 - 2016-04-24 22:31 - 00000000 __HDC C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}
2016-04-24 22:27 - 2016-04-24 22:27 - 00000000 __HDC C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
2016-04-24 22:25 - 2016-04-24 22:25 - 00000000 __HDC C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}
2016-04-24 22:25 - 2016-04-24 22:25 - 00000000 __HDC C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
2016-04-24 22:24 - 2016-04-24 22:24 - 00000000 __HDC C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}
2016-04-21 22:09 - 2016-04-21 22:09 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-29 12:37 - 2016-03-29 13:38 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-04-28 10:05 - 2014-08-02 16:23 - 00004276 _____ C:\WINDOWS\System32\Tasks\Software Updater
2016-04-22 19:43 - 2015-04-04 23:32 - 00000000 ___HD C:\Users\deco\AppData\Local\WrbYKNg8QKQgNR
2013-06-28 19:41 - 2013-07-30 00:17 - 0003717 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2016-04-23 21:40 - 2016-04-23 21:40 - 0000030 _____ () C:\Users\deco\AppData\Roaming\.pgbiasfx
2011-11-07 17:22 - 2011-11-07 17:22 - 0000000 _____ () C:\Users\deco\AppData\Local\{09CAB645-9211-464F-94C3-44802F73D6F4}
2011-12-16 14:29 - 2011-12-16 14:29 - 0000000 _____ () C:\Users\deco\AppData\Local\{1B957172-A890-42A3-9248-7DEEDD3B6504}
2012-01-19 17:15 - 2012-01-19 17:15 - 0000000 _____ () C:\Users\deco\AppData\Local\{94C3ECB7-004E-4BDD-8C96-A0480CED3308}
2012-01-19 17:17 - 2012-01-19 17:17 - 0000000 _____ () C:\Users\deco\AppData\Local\{A0AE2BA0-BC64-4C82-85C5-75CA07927EC2}
2011-12-16 14:27 - 2011-12-16 14:27 - 0000000 _____ () C:\Users\deco\AppData\Local\{A3F3D639-BB66-4436-9F6F-760226486CE7}
2012-01-19 17:20 - 2012-01-19 17:20 - 0000000 _____ () C:\Users\deco\AppData\Local\{CB8DCE11-B253-4EDB-B0CC-A0787B08F204}
Task: {0082CB07-1A3F-4A36-A5D5-9A68C4C14222} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {164E1DBC-B904-47FA-AC2C-828A2556423A} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\4112321BEB2F5A5D9E44C7359A2F9BD9\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ATTENTION
Task: {2C330AAB-0AF9-40BE-A4C7-305394855199} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3A0226D3-6BFF-42D1-8E6A-0CADC40AF4AB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4D2C42E0-76C9-4D97-87C3-D920C35BBFA4} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{8B3231ED-D2A4-4B42-9162-7E168A0B1C7E}.exe
Task: {546D9CA4-9967-4A2B-AA4E-0104016EA2AA} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{10935D2D-F1D7-48A2-9B6C-6222E25B23D2}.exe
Task: {597F4DE6-8398-4ACC-88E8-353729DE49E2} - System32\Tasks\decoSubmarineCensuredV2 => Rundll32.exe EquilibratingUnmoral.dll,main 7 1 <==== ATTENTION
Task: {5BFD6875-2F63-4111-B151-65A01AB933C7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {60883618-B40F-45E4-AC85-CCD4D3D71FAB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {72688EFD-3D9C-481B-B4B8-DFEAF567ED64} - System32\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557} => C:\Users\deco\AppData\Roaming\{301B9~1\PRICEF~1.EXE [2013-04-13] ()
Task: {7DD20FCC-35E2-41B4-A1B2-7335B24152FD} - System32\Tasks\{6DCA8638-5A9B-4230-B5D3-17B29F43FB58} => pcalua.exe -a C:\Users\deco\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ATTENTION
Task: {914C3094-B31E-47FA-8362-D0475A8A8A1B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9E9B0BD0-3B91-4034-A819-3C2BFA4E2DCF} - System32\Tasks\{943BE6FF-7BE5-4C88-ADD9-AD23289D0B5F} => pcalua.exe -a C:\Users\deco\Downloads\slsk157NS13c.exe -d C:\Users\deco\Downloads
Task: {C34F894D-E9D4-4F23-97C7-4E4475613876} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C668E13F-07F9-410C-8A2F-019A59605A49} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C9D301B8-942B-4681-A996-3F574931999E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E2CA1C4E-194A-457B-AA75-B4559CE63A8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EBA002FB-FB0E-406A-BF7E-CC3326E78CDA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F41A8E78-A826-4E5F-907C-4B814D1BEC42} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {F5C3BFE4-0167-4668-838F-F067352FD9B3} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-11-20] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{10935D2D-F1D7-48A2-9B6C-6222E25B23D2}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{8B3231ED-D2A4-4B42-9162-7E168A0B1C7E}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job => C:\Users\deco\AppData\Roaming\{301B9~1\PRICEF~1.EXE
AlternateDataStreams: C:\ProgramData\Microsoft:INL1pHYdTghSiscdUO [2132]
AlternateDataStreams: C:\ProgramData\Microsoft:JC00IUg3n1Mx2poMMk [2254]
AlternateDataStreams: C:\ProgramData\Microsoft:Ys9gXmQ3SrbipY4xA65epdF [2056]
AlternateDataStreams: C:\ProgramData\Microsoft:YSZUZXKIzleugtKMK [639]
AlternateDataStreams: C:\Users\deco\Local Settings:2qTWSJ0QW6qXwQQW47MlLy [2398]
AlternateDataStreams: C:\Users\deco\Local Settings:5VfbgSCAXOk224D9qaxLT [2554]
AlternateDataStreams: C:\Users\deco\AppData\Local:2qTWSJ0QW6qXwQQW47MlLy [2398]
AlternateDataStreams: C:\Users\deco\AppData\Local:5VfbgSCAXOk224D9qaxLT [2554]
AlternateDataStreams: C:\Users\deco\AppData\Local\Application Data:2qTWSJ0QW6qXwQQW47MlLy [2398]
AlternateDataStreams: C:\Users\deco\AppData\Local\Application Data:5VfbgSCAXOk224D9qaxLT [2554]
AlternateDataStreams: C:\Users\deco\AppData\Local\fxTJ3wOFPpr5:hmVaetgd9kzvQ7J84ObD [2064]
C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48}
C:\Program Files (x86)\QQBrowser
C:\Users\deco\AppData\Roaming\omiga-plus
C:\Users\deco\Downloads\slsk157NS13c.exe
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\SoftwareUpdater
C:\Program Files (x86)\WeatherTool
C:\Windows\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job
C:\Users\deco\AppData\Local\Temp\EquilibratingUnmoral.dll
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399008} => value removed successfully
"HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399008}" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}" => key removed successfully
HKCR\CLSID\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008}" => key removed successfully
Firefox DefaultSearchEngine removed successfully
C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\user.js => moved successfully
C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js => moved successfully
C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\searchplugins\Search Provided by Yahoo.xml => moved successfully
C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\Search Provided by Yahoo.xml => moved successfully
C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp <==== ATTENTION => not found
TheDesktopWeatherService => Unable to stop service.
TheDesktopWeatherService => service removed successfully
avgtp => Unable to stop service.
avgtp => service removed successfully
C:\Users\deco\AppData\Roaming\{301B9AD6-7631-5375-2237-33F8E3343557} => moved successfully
C:\WINDOWS\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job => moved successfully
C:\Users\deco\AppData\Local\Chromium => moved successfully
C:\WINDOWS\System32\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557} => moved successfully
C:\WINDOWS\System32\Tasks\decoSubmarineCensuredV2 => moved successfully
C:\Users\deco\AppData\Roaming\WeatherTool => moved successfully
C:\Users\deco\AppData\Local\{62E754BB-464F-3803-2BD7-1DEB0FBFE173} => moved successfully
C:\Program Files (x86)\vreXjvX => moved successfully
C:\WINDOWS\SysWOW64\tem68A2.tmp => moved successfully
C:\Users\Public\Documents\vreXjvX => moved successfully
C:\Users\deco\AppData\Local\vreXjvX => moved successfully
C:\Users\deco\AppData\Roaming\WinZiper => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip => moved successfully
C:\WINDOWS\System32\Tasks\Browser Updater Task(Core) => moved successfully
C:\Program Files (x86)\QQBrowser => moved successfully
C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B} => moved successfully
C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9} => moved successfully
C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6} => moved successfully
C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325} => moved successfully
C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7} => moved successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => moved successfully
C:\WINDOWS\System32\Tasks\Software Updater => moved successfully
C:\Users\deco\AppData\Local\WrbYKNg8QKQgNR => moved successfully
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml => moved successfully
C:\Users\deco\AppData\Roaming\.pgbiasfx => moved successfully
C:\Users\deco\AppData\Local\{09CAB645-9211-464F-94C3-44802F73D6F4} => moved successfully
C:\Users\deco\AppData\Local\{1B957172-A890-42A3-9248-7DEEDD3B6504} => moved successfully
C:\Users\deco\AppData\Local\{94C3ECB7-004E-4BDD-8C96-A0480CED3308} => moved successfully
C:\Users\deco\AppData\Local\{A0AE2BA0-BC64-4C82-85C5-75CA07927EC2} => moved successfully
C:\Users\deco\AppData\Local\{A3F3D639-BB66-4436-9F6F-760226486CE7} => moved successfully
C:\Users\deco\AppData\Local\{CB8DCE11-B253-4EDB-B0CC-A0787B08F204} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0082CB07-1A3F-4A36-A5D5-9A68C4C14222}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0082CB07-1A3F-4A36-A5D5-9A68C4C14222}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{164E1DBC-B904-47FA-AC2C-828A2556423A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{164E1DBC-B904-47FA-AC2C-828A2556423A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Browser Updater Task(Core) => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater Task(Core)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C330AAB-0AF9-40BE-A4C7-305394855199}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C330AAB-0AF9-40BE-A4C7-305394855199}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3A0226D3-6BFF-42D1-8E6A-0CADC40AF4AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A0226D3-6BFF-42D1-8E6A-0CADC40AF4AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D2C42E0-76C9-4D97-87C3-D920C35BBFA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D2C42E0-76C9-4D97-87C3-D920C35BBFA4}" => key removed successfully
C:\WINDOWS\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{546D9CA4-9967-4A2B-AA4E-0104016EA2AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{546D9CA4-9967-4A2B-AA4E-0104016EA2AA}" => key removed successfully
C:\WINDOWS\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_HP_rmv" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{597F4DE6-8398-4ACC-88E8-353729DE49E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{597F4DE6-8398-4ACC-88E8-353729DE49E2}" => key removed successfully
C:\WINDOWS\System32\Tasks\decoSubmarineCensuredV2 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\decoSubmarineCensuredV2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BFD6875-2F63-4111-B151-65A01AB933C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BFD6875-2F63-4111-B151-65A01AB933C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60883618-B40F-45E4-AC85-CCD4D3D71FAB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60883618-B40F-45E4-AC85-CCD4D3D71FAB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72688EFD-3D9C-481B-B4B8-DFEAF567ED64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72688EFD-3D9C-481B-B4B8-DFEAF567ED64}" => key removed successfully
C:\WINDOWS\System32\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{301B9AD6-7631-5375-2237-33F8E3343557}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DD20FCC-35E2-41B4-A1B2-7335B24152FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DD20FCC-35E2-41B4-A1B2-7335B24152FD}" => key removed successfully
C:\WINDOWS\System32\Tasks\{6DCA8638-5A9B-4230-B5D3-17B29F43FB58} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6DCA8638-5A9B-4230-B5D3-17B29F43FB58}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{914C3094-B31E-47FA-8362-D0475A8A8A1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{914C3094-B31E-47FA-8362-D0475A8A8A1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E9B0BD0-3B91-4034-A819-3C2BFA4E2DCF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E9B0BD0-3B91-4034-A819-3C2BFA4E2DCF}" => key removed successfully
C:\WINDOWS\System32\Tasks\{943BE6FF-7BE5-4C88-ADD9-AD23289D0B5F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{943BE6FF-7BE5-4C88-ADD9-AD23289D0B5F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C34F894D-E9D4-4F23-97C7-4E4475613876}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C34F894D-E9D4-4F23-97C7-4E4475613876}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C668E13F-07F9-410C-8A2F-019A59605A49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C668E13F-07F9-410C-8A2F-019A59605A49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9D301B8-942B-4681-A996-3F574931999E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9D301B8-942B-4681-A996-3F574931999E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2CA1C4E-194A-457B-AA75-B4559CE63A8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2CA1C4E-194A-457B-AA75-B4559CE63A8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBA002FB-FB0E-406A-BF7E-CC3326E78CDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBA002FB-FB0E-406A-BF7E-CC3326E78CDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F41A8E78-A826-4E5F-907C-4B814D1BEC42}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F41A8E78-A826-4E5F-907C-4B814D1BEC42}" => key removed successfully
C:\WINDOWS\System32\Tasks\LaunchSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5C3BFE4-0167-4668-838F-F067352FD9B3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5C3BFE4-0167-4668-838F-F067352FD9B3}" => key removed successfully
C:\WINDOWS\System32\Tasks\Software Updater => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater" => key removed successfully
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => moved successfully
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully
C:\WINDOWS\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job => not found.
C:\ProgramData\Microsoft => ":INL1pHYdTghSiscdUO" ADS removed successfully.
C:\ProgramData\Microsoft => ":JC00IUg3n1Mx2poMMk" ADS removed successfully.
C:\ProgramData\Microsoft => ":Ys9gXmQ3SrbipY4xA65epdF" ADS removed successfully.
C:\ProgramData\Microsoft => ":YSZUZXKIzleugtKMK" ADS removed successfully.
"C:\Users\deco\Local Settings" => ":2qTWSJ0QW6qXwQQW47MlLy" ADS not found.
"C:\Users\deco\Local Settings" => ":5VfbgSCAXOk224D9qaxLT" ADS not found.
C:\Users\deco\AppData\Local => ":2qTWSJ0QW6qXwQQW47MlLy" ADS removed successfully.
C:\Users\deco\AppData\Local => ":5VfbgSCAXOk224D9qaxLT" ADS removed successfully.
"C:\Users\deco\AppData\Local\Application Data" => ":2qTWSJ0QW6qXwQQW47MlLy" ADS not found.
"C:\Users\deco\AppData\Local\Application Data" => ":5VfbgSCAXOk224D9qaxLT" ADS not found.
C:\Users\deco\AppData\Local\fxTJ3wOFPpr5 => ":hmVaetgd9kzvQ7J84ObD" ADS removed successfully.
C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48} => moved successfully
"C:\Program Files (x86)\QQBrowser" => not found.
"C:\Users\deco\AppData\Roaming\omiga-plus" => not found.
"C:\Users\deco\Downloads\slsk157NS13c.exe" => not found.
"C:\Program Files (x86)\MyPC Backup" => not found.
C:\Program Files (x86)\SoftwareUpdater => moved successfully
 
"C:\Program Files (x86)\WeatherTool" folder move:
 
Could not move "C:\Program Files (x86)\WeatherTool" => Scheduled to move on reboot.
 
"C:\Windows\Tasks\{301B9AD6-7631-5375-2237-33F8E3343557}.job" => not found.
C:\Users\deco\AppData\Local\Temp\EquilibratingUnmoral.dll => moved successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 1.5 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-28 12:18:57)
 
C:\Program Files (x86)\WeatherTool => Is moved successfully
 
==== End of Fixlog 12:18:58 ====
 
# AdwCleaner v5.114 - Logfile created 28/04/2016 at 12:36:04
# Updated 27/04/2016 by Xplode
# Database : 2016-04-27.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : deco - DECO-PC
# Running from : C:\Users\deco\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\930d7d40f231d1f4
[-] Folder Deleted : C:\ProgramData\956a618c00005896
[-] Folder Deleted : C:\ProgramData\{f52637f0-c9e2-6240-f526-637f0c9edfc3}
[#] Folder Deleted : C:\ProgramData\Application Data\apn
[#] Folder Deleted : C:\ProgramData\Application Data\930d7d40f231d1f4
[#] Folder Deleted : C:\ProgramData\Application Data\956a618c00005896
[#] Folder Deleted : C:\ProgramData\Application Data\{f52637f0-c9e2-6240-f526-637f0c9edfc3}
[-] Folder Deleted : C:\Users\Public\Documents\Guid
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
[-] Folder Deleted : C:\Users\deco\AppData\Local\DownloadGuide
[-] Folder Deleted : C:\Users\deco\AppData\Local\NativeMessaging
[-] Folder Deleted : C:\Users\deco\AppData\LocalLow\Tbccint
[-] Folder Deleted : C:\Users\deco\AppData\Roaming\eCyber
[-] Folder Deleted : C:\Users\deco\AppData\Roaming\GrabPro
[-] Folder Deleted : C:\Users\deco\AppData\Roaming\ProgSense
[-] Folder Deleted : C:\Users\deco\AppData\Local\VirtualStore\Program Files (x86)\orbitdownloader
 
***** [ Files ] *****
 
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\318ngk5b.default\searchplugins\Search Provided by Yahoo.xml
[-] File Deleted : C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dbkchnicaiglcjpgbmpfmoafckkomdcm
[-] File Deleted : C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.001
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Key Deleted : HKCU\Software\Classes\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\ContextTrue
[-] Key Deleted : HKCU\Software\powerpack
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\ProgSense
[-] Key Deleted : HKCU\Software\Video Player
[-] Key Deleted : HKCU\Software\WeatherTool
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\SiteSee
[-] Key Deleted : HKLM\SOFTWARE\qkseeSvc
[-] Key Deleted : HKLM\SOFTWARE\qksee
[-] Key Deleted : HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Key Deleted : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Key Deleted : HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\yahooprovidedsearch
[-] Key Deleted : [x64] HKLM\SOFTWARE\WeatherTool
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherTool
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3406242734-3781281278-1370421689-1000\Software\AVG Secure Search
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\318ngk5b.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "Search Provided by Yahoo");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\318ngk5b.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "Search Provided by Yahoo");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\318ngk5b.default\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_freaudedtr_16_18&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3DWincy%26c[...]
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [8285 bytes] - [28/04/2016 12:36:04]
C:\AdwCleaner\AdwCleaner[R0].txt - [2979 bytes] - [12/11/2013 14:15:51]
C:\AdwCleaner\AdwCleaner[R1].txt - [1009 bytes] - [12/11/2013 19:41:23]
C:\AdwCleaner\AdwCleaner[R2].txt - [4525 bytes] - [08/05/2014 11:10:51]
C:\AdwCleaner\AdwCleaner[R3].txt - [1181 bytes] - [14/05/2014 08:26:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [2979 bytes] - [12/11/2013 14:17:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [13305 bytes] - [08/05/2014 11:14:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [1243 bytes] - [14/05/2014 08:30:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8870 bytes] ##########
 

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the McAfee removal tool to your desktop http://us.mcafee.com...s/mcpr/mcpr.asp

Run the tool and reboot, then run a fresh FRST scan so that I can manually remove any remnants
  • 0

#7
alternate

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts

Here we go, after all this my windows defender is still removing malwares after reboot. Thats whats removed:

!#Lua:IOAVTTopLevellSOFile

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by deco (2016-04-28 23:05:39)
Running from C:\Users\deco\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-12 05:00:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3406242734-3781281278-1370421689-500 - Administrator - Disabled)
deco (S-1-5-21-3406242734-3781281278-1370421689-1000 - Administrator - Enabled) => C:\Users\deco
DefaultAccount (S-1-5-21-3406242734-3781281278-1370421689-503 - Limited - Disabled)
Guest (S-1-5-21-3406242734-3781281278-1370421689-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3406242734-3781281278-1370421689-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.5 - Avid Technology, Inc.)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.5 - Avid Technology, Inc.)
BIAS FX Plugins Pack (64bit) (HKLM\...\{77558DEB-4B65-4921-8855-D8593EF5BCDD}) (Version: 1.1.0.745 - PositiveGrid)
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\CopyTrans Suite) (Version: 4.006 - WindSolutions)
Custom Shop version 1.5.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.5.0 - IK Multimedia)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Excel Image Assistant (HKLM-x32\...\Excel Image Assistant) (Version:  - )
FLV2PC v5.9.0 (HKLM-x32\...\FLV2PC_is1) (Version: 5.9.0 - )
Free Sound Recorder v10.7.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2015 FreeSoundRecorder Technologies, Inc.)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
License Support (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
M-Audio Fast Track 6.1.12 (x64) (HKLM\...\{102B819F-54FB-4CD3-8B48-B80C210D55BC}) (Version: 6.1.12 - M-Audio)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
MediaShow Espresso (x32 Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MKV Player 2.1 (HKLM-x32\...\MKV Player_is1) (Version:  - )
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ReWire (HKLM\...\{4481A621-E317-411C-8926-864AACDF509B}) (Version: 1.00.0000 - Waves)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SoulSeek 157 NS 13c (HKLM-x32\...\Soulseek2) (Version:  - )
Technitium MAC Address Changer v6.0.5 (HKLM-x32\...\TMACv6.0) (Version: 6.0.5 - Technitium)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax Business 2014 (HKLM-x32\...\TurboTax Business 2014) (Version: 2014.0 - Intuit, Inc)
Update for PriceFountain (HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\{301B9AD6-7631-5375-2237-33F8E3343557}) (Version:  - Update for PriceFountain) <==== ATTENTION
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Waves Central 1.1.0.22 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 1.1.0 - Waves, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {073DB72E-520B-476A-83CD-8D0EFBCCD693} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0990C8D9-EE91-48A8-A7EA-BC16B9F5E633} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {0AAA4631-90BD-4059-9953-D7789AD22A9F} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {0B882D45-82EB-4285-8153-8FEE43C7811E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1731CFA9-44C9-4895-8951-191264F40C88} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {1E2C773E-1E8F-4220-B806-3AE93DAFBECF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1E90BD4A-9FD0-493C-9566-3AF6C05E52D9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {1EFE906B-4FE7-4140-A3B5-F86B6F64ADFE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {23B0C235-4701-4C8F-9601-0251DA8AD908} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {298C1599-D9DB-4C4A-BA02-088F48977A54} - System32\Tasks\WpsNotifyTask_sales in bloom => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: {2ACA76F7-0D5F-4C79-9BDE-4350D390B30D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2ADA7A2F-622C-4AFB-B1D9-B999209051D6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {365D86BC-5134-47B1-BB11-740B2110BFAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {37A5DD81-DA52-4D1C-91E5-5040D016AFD5} - System32\Tasks\{BA70839E-3DF2-4CE1-88F6-355ABC9E2756} => pcalua.exe -a C:\Users\deco\Downloads\OJJ3600_Basic_8.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {3AF2CE55-D5C8-4103-ABE3-CA221248000C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {3E323ED9-C944-476D-9C9F-11B8A91C5C04} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3F3BD157-DFAC-461B-91A5-817D0B419232} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {400BAD29-BE43-48EB-BB65-38B21C018A7D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4717237E-E6F3-41FB-96DD-AD0656BF1538} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4DC3C2C2-54DB-499D-A7E8-52D3D75F0DE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {53E76346-070C-4782-9790-EF8865266376} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-24] ()
Task: {566F65A2-1225-4932-9D23-7B8A8D203CFA} - System32\Tasks\WpsUpdateTask_sales in bloom => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe
Task: {5AD32A4A-8487-4178-A0FF-3EC87AAE9786} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {675B0837-4E35-4CD2-AEC9-B86D968B94DC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {68147C55-59B1-4AD2-9D48-E11474E770B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6B941C49-48AD-4D32-8C29-A0767F055E6F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {76B35647-2001-4BFF-A915-7AB628E63652} - System32\Tasks\{94406A97-1D05-4EDC-9023-3A95ADF895DD} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {819D4373-D2B8-48BA-ACA0-230CFB0116F5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8AB962DC-3BAB-410D-8136-A43F66D75638} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {8D181F06-1B71-487F-B064-8F759498D053} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {95867F60-D3A9-4BB0-8320-B76440C6D679} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {960C5D1A-E9A3-418B-A83E-6066467903A1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {9ED3F406-964D-4D6D-A9E2-408371E347D0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {A499A215-0EAB-4331-837B-56F6FDE3518D} - System32\Tasks\{F04144C3-83B0-4F3B-93EA-02F7C7EA719A} => pcalua.exe -a "C:\Users\deco\Documents\Adobe Photoshop CS3 BR(com plugins)\Adobe Photoshop CS3 BR + plugins.exe" -d "C:\Users\deco\Documents\Adobe Photoshop CS3 BR(com plugins)"
Task: {A9FEC67A-CF3A-486D-AAF0-C74F405BA1F8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {AD8635C9-BDDD-46EF-8707-68EB52587AFE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B1C22FF1-FA09-4B2C-BBE9-157DBF93F18B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B4874A9D-B4A4-42F6-A34C-CA78981C4576} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B552622A-A873-472B-9675-34F57C9197D8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {BF81E49F-1AC9-41F2-A733-AD1B97FF5CD3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {C2449A8A-385F-431A-AAA9-A12ADC7A50B3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {CE60488E-EFBF-4DB9-95E0-21B8F09855D5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {D8FC8D76-9CE2-4035-BE20-68A7814DD301} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {DCA58A7C-F574-4CF9-85CE-F164468A48EA} - System32\Tasks\{8780E631-761F-43D1-B7EE-72AD457648EC} => pcalua.exe -a "C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe" -d "C:\Program Files (x86)\ESET\ESET Online Scanner"
Task: {E278F4FE-3B4B-4B1B-BFF2-3666BAE67D3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E2C81D1E-43D3-4176-A7A0-8A98ECDE546A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {E944B168-1C2B-4D5F-9BA1-5CE3EC0E0035} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {ED4943D8-8203-4EBB-85AA-8187CEE1988A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F361E2B5-1C1C-44ED-AD56-6171645895E8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F8A9EA0E-7700-4C36-AEE7-F6464B3BC7DA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {FA46A383-0D24-4D24-A320-DB99E0A6F007} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {FE6C2BCF-F8B2-4494-AA07-8E0BD0C53ADA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core.job => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA.job => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_sales in bloom.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_sales in bloom.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-09-24 15:09 - 2014-09-24 15:09 - 03727360 _____ () C:\Windows\AutoKMS\AutoKMS.exe
2015-11-20 09:57 - 2015-11-20 09:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 09:57 - 2015-11-20 09:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-30 01:41 - 2014-10-30 01:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-10-26 18:59 - 2014-10-26 18:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2016-04-13 11:07 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-19 18:59 - 2016-04-19 18:59 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-13 11:07 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-23 11:16 - 2016-04-23 11:16 - 00959176 _____ () C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-09-15 09:58 - 2015-09-15 09:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-18 09:09 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 11:05 - 2016-04-02 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 11:06 - 2016-04-02 00:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 11:05 - 2016-04-01 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 11:06 - 2016-04-01 23:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 11:07 - 2016-04-02 00:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2010-08-04 09:40 - 2010-08-04 09:40 - 00611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-10-29 15:06 - 2014-10-29 15:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-10-30 01:41 - 2014-10-30 01:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 01:41 - 2014-10-30 01:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 01:41 - 2014-10-30 01:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2016-04-19 18:59 - 2016-04-19 18:59 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-23 11:15 - 2016-04-23 11:15 - 00679624 _____ () C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2010-08-04 06:47 - 2010-08-04 06:47 - 00144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-10-29 15:01 - 2014-10-29 15:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 201.17.0.64 - 201.17.0.92
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "IAAnotif"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GoforFilesInstaller Starter"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudServices"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{6524771A-8D5D-4DFE-8890-89E80B697B07}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{333035C3-47AC-468E-9B34-F3F93279131F}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{24F34BBE-B9E6-4AA0-ABB5-83218659640F}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{FFD32ED0-94F9-4FE2-AFC6-D074C390837B}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [TCP Query User{8B882952-1FE3-4A5A-ADA2-7F113818DFFD}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{36F6E301-0EB6-47CF-8B45-D14D3925316B}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8CB0BA09-1E6C-4387-BE61-DE8B895C3F8B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FDE3F47F-12A1-40C2-9DDE-CA111EAD6226}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{83EC21CA-57BD-464F-B7F3-F704FF0C9684}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6D26D805-A69E-4F5C-9A79-1ED48DD3E7AF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7F37147D-813A-42BF-B9F9-9A5FF56AFC33}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{C176598F-A553-43F2-AFE3-8C9DA3C7B830}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{62AB4B90-7C98-4A77-998D-6B9EB22BD795}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{72CB84AB-6594-43CF-B1D9-2433089BC041}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D4B0B46E-D0B2-41F3-A2B5-791D02146DD4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{47B6A7A5-778C-4A80-A9CF-E78A0C662FCA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6FA2DB3B-7623-4D05-84AD-19A61ABBBA3E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4E42EE5D-9017-4445-BD46-9BF3B2B36C65}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D3DB5C8A-6530-47FA-99C4-25E31D2AAA0A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C65F13CF-EFFA-4E9E-B2FB-7D802931DB3C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6828F2C7-3DE4-4BC6-B55D-EC6018BB6298}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0A6D3005-62E5-46B6-BF48-92A713D3F00B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{5DD4D070-9151-4532-8A21-A5AD168D5D66}C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [UDP Query User{E4CAA90C-042A-434F-85F7-0D4B247647F3}C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [TCP Query User{8E1D36BE-6BFC-4DE6-8B25-53D688BD904D}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{E958F3CC-3AA0-4700-B7A6-4F7B91DF6C31}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{A202D653-AF53-40DC-B91B-46D03F38F385}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{36D3D8DC-6BC3-46BF-A5A4-99A5E29A1B2A}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [{8548DBCE-BD77-4E8D-954E-E6CD87277880}] => (Allow) C:\Program Files (x86)\Waves\MultiRack\MultiRack SoundGrid.exe
FirewallRules: [TCP Query User{30BA92D4-8F4F-4419-AB0C-1B768727551C}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [UDP Query User{DB372440-C8A3-43C8-B7CB-9180C01DCFF3}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [{AABEA036-0A8F-4F5B-AA37-18CFC48BA752}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [{2717205D-7214-462D-AC43-D26716E49765}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe
FirewallRules: [{4FE0F591-75ED-440A-B4F0-0792AC778378}] => (Allow) C:\ProgramData\vreXjvX\protect\protect.exe
FirewallRules: [{4396C909-C46C-4196-8FD3-0C5D13FB1E3C}] => (Allow) C:\Users\deco\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{4A531FA3-484A-47F1-AA73-B85C826B3FFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A71CBC3C-FA60-44B1-A5C6-B623A82D62A3}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe
FirewallRules: [{5CEA14B5-C21E-490C-B923-95AAC635863D}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe

==================== Restore Points =========================

20-04-2016 21:52:41 Installed Waves Central V1.0.3.3
23-04-2016 21:22:16 Removed Waves Central V1.0.3.3
28-04-2016 12:07:11 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2016 10:58:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x56c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (04/28/2016 10:58:04 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (1388) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (04/28/2016 10:54:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xe0434352
Fault offset: 0x0000000000071f28
Faulting process id: 0x15e0
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5

Error: (04/28/2016 10:54:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)
   at ..(.)
   at ..()

Error: (04/28/2016 01:06:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2016 01:06:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2016 12:50:56 PM) (Source: McLogEvent) (EventID: 5046) (User: NT AUTHORITY)
Description:

Error: (04/28/2016 12:43:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: deco-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/28/2016 12:33:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2016 12:33:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/28/2016 11:00:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (04/28/2016 11:00:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/28/2016 10:58:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The State Repository Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/28/2016 10:58:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2240041 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/28/2016 10:54:10 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #21, {9A7F07DA-64C9-4648-9C86-8AB866A95BC5}, had event 76

Error: (04/28/2016 09:45:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/28/2016 01:50:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_1627b6 service to connect.

Error: (04/28/2016 01:50:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1627b6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/28/2016 01:35:24 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (04/28/2016 01:29:06 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.


CodeIntegrity:
===================================
  Date: 2016-04-28 10:21:12.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-27 19:19:31.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-27 19:19:31.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-27 19:19:29.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-27 19:19:29.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-26 12:26:05.356
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-26 12:26:05.196
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-26 12:26:05.037
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-26 12:26:04.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-26 12:26:04.717
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 40%
Total physical RAM: 4061.17 MB
Available physical RAM: 2425.54 MB
Total Virtual: 8157.17 MB
Available Virtual: 6602.16 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:911.88 GB) (Free:644.98 GB) NTFS
Drive d: (FLASH DRIVE) (Removable) (Total:3.6 GB) (Free:1.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FBC288CC)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: 61B7D1A5)
Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B)

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by deco (administrator) on DECO-PC (28-04-2016 23:02:01)
Running from C:\Users\deco\Desktop
Loaded Profiles: deco (Available Profiles: deco & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\AutoKMS\AutoKMS.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-11-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [Google Update] => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2016-04-28]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 201.17.0.64 201.17.0.92
Tcpip\..\Interfaces\{67e01175-984f-458a-99df-04aabdde5b6d}: [DhcpNameServer] 201.17.0.85 201.17.0.55
Tcpip\..\Interfaces\{bc9b8eca-8d3a-463c-a441-d44690c56727}: [DhcpNameServer] 201.17.0.64 201.17.0.92

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: FLVBlaster.FLVBlasterIEAddon -> {807ca0aa-7cb3-4f03-bd61-076f618cc82d} -> C:\Windows\SysWOW64\mscoree.dll [2015-10-30] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E37CB5F0-51F5-4395-A808-5FA49E399008} hxxps://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-11-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-10-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-11-07] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3406242734-3781281278-1370421689-1000: @emusic.com/eMusicPlugin DLM6 -> C:\Program Files (x86)\eMusic Download Manager 6\npEMusic602.dll [No File]
FF Plugin HKU\S-1-5-21-3406242734-3781281278-1370421689-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\deco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3406242734-3781281278-1370421689-1000: @talk.google.com/O1DPlugin -> C:\Users\deco\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3406242734-3781281278-1370421689-1000: @tools.google.com/Google Update;version=3 -> C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-3406242734-3781281278-1370421689-1000: @tools.google.com/Google Update;version=9 -> C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-11-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-11-07] (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\deco\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\deco\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: SNT - C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\Extensions\[email protected] [2014-03-26] [not signed]
FF Extension: Video DownloadHelper - C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-03]
FF Extension: SNT - C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\[email protected] [2016-04-24] [not signed]
FF Extension: Video DownloadHelper - C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ncr
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-22]
CHR Extension: (Google Docs) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
CHR Extension: (Google Drive) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-12-15]
CHR Extension: (Google Sheets) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Grooveshark Downloader) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp [2015-04-22] [UpdateUrl: hxxp://groovesharkdownload.net/Download/updates.xml] <==== ATTENTION
CHR Extension: (Search Manager) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2016-04-28]
CHR Extension: (Gmail) - C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R2 FastTrackAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe [1962768 2013-05-21] (M-Audio)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-02-04] (Freemake) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-07] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-04-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-04-24] (Disc Soft Ltd)
R3 MAUSBFASTTRACK; C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [460048 2013-05-21] (M-Audio)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R3 tapoas; C:\Windows\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 SoundGridMIDI; \SystemRoot\system32\drivers\SoundGridMidi.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 23:01 - 2016-04-28 23:01 - 00004842 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428230024
2016-04-28 22:51 - 2016-04-28 22:52 - 07559792 _____ (McAfee, Inc.) C:\Users\deco\Desktop\MCPR.exe
2016-04-28 21:06 - 2016-04-28 21:06 - 00060381 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428210544
2016-04-28 12:52 - 2016-04-28 21:06 - 00074838 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428125116
2016-04-28 12:33 - 2016-04-28 12:33 - 00001526 _____ C:\Users\deco\Downloads\AdwCleaner - Shortcut.lnk
2016-04-28 12:32 - 2016-04-28 12:32 - 03581504 _____ C:\Users\deco\Downloads\AdwCleaner.exe
2016-04-28 12:30 - 2016-04-28 12:31 - 03581504 _____ C:\Users\deco\Desktop\AdwCleaner.exe
2016-04-28 12:19 - 2016-04-28 12:19 - 00036222 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428121841
2016-04-28 10:31 - 2016-04-28 23:02 - 00021727 _____ C:\Users\deco\Desktop\FRST.txt
2016-04-28 10:31 - 2016-04-28 23:02 - 00000000 ____D C:\FRST
2016-04-28 10:30 - 2016-04-28 10:31 - 02376704 _____ (Farbar) C:\Users\deco\Desktop\FRST64.exe
2016-04-28 10:01 - 2016-04-28 10:01 - 00158154 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428100031
2016-04-28 03:18 - 2016-04-28 03:20 - 00000000 ____D C:\Users\deco\AppData\Roaming\Free Sound Recorder
2016-04-28 03:18 - 2016-04-28 03:18 - 00001328 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Free Sound Recorder.lnk
2016-04-28 03:18 - 2016-04-28 03:18 - 00001304 _____ C:\Users\deco\Desktop\Free Sound Recorder.lnk
2016-04-28 03:18 - 2016-04-28 03:18 - 00000000 ____D C:\Users\deco\Documents\Free Sound Recorder
2016-04-28 03:18 - 2016-04-28 03:18 - 00000000 ____D C:\Users\deco\AppData\Roaming\New Version Available
2016-04-28 03:18 - 2016-04-28 03:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder
2016-04-28 03:18 - 2016-04-28 03:18 - 00000000 ____D C:\Program Files (x86)\Free Sound Recorder
2016-04-28 03:18 - 2005-05-18 11:52 - 01212416 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioInformation2.dll
2016-04-28 03:18 - 2005-05-17 12:37 - 01986560 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTAudioFile2.dll
2016-04-28 03:18 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioRecord2.dll
2016-04-28 03:18 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioPlayer2.dll
2016-04-28 03:18 - 2005-04-15 12:08 - 00880640 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioEditor2.dll
2016-04-28 03:18 - 2005-04-04 17:21 - 00602112 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioTransform2.dll
2016-04-28 03:18 - 2005-03-28 15:54 - 00479232 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioVisualization2.dll
2016-04-28 03:18 - 2005-03-28 15:52 - 00417792 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTTextToAudio2.dll
2016-04-28 03:18 - 2005-02-24 11:51 - 00348160 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTWMAFile2.dll
2016-04-28 03:18 - 2004-11-04 13:31 - 00835584 _____ (NCT) C:\WINDOWS\SysWOW64\NCTAudioCDGrabber2.dll
2016-04-28 03:18 - 2002-01-05 16:37 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr70.dll
2016-04-28 03:08 - 2016-04-28 10:01 - 00033833 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428030758
2016-04-28 02:32 - 2016-04-28 02:32 - 00041094 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428023143
2016-04-28 02:31 - 2016-04-28 02:31 - 00324468 _____ C:\WINDOWS\Minidump\042816-36578-01.dmp
2016-04-28 02:26 - 2016-04-28 10:37 - 00002340 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-28 01:01 - 2016-04-28 01:01 - 00103900 _____ C:\WINDOWS\SysWOW64\rsslogs.20160428010034
2016-04-28 00:29 - 2016-04-28 00:29 - 00987728 _____ (Google Inc.) C:\Users\deco\Downloads\ChromeSetup.exe
2016-04-27 23:04 - 2016-04-28 01:01 - 00141369 _____ C:\WINDOWS\SysWOW64\rsslogs.20160427230305
2016-04-27 22:53 - 2016-04-27 22:53 - 00008459 _____ C:\WINDOWS\SysWOW64\rsslogs.20160427225244
2016-04-27 22:49 - 2016-04-27 22:49 - 00002419 _____ C:\WINDOWS\SysWOW64\rsslogs.20160427224809
2016-04-27 22:46 - 2016-04-27 22:47 - 00278316 _____ C:\WINDOWS\Minidump\042716-43156-01.dmp
2016-04-27 22:35 - 2016-04-27 22:35 - 00009673 _____ C:\WINDOWS\SysWOW64\rsslogs.20160427223452
2016-04-27 22:34 - 2016-04-28 02:31 - 690052084 _____ C:\WINDOWS\MEMORY.DMP
2016-04-27 22:34 - 2016-04-28 02:31 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-27 22:34 - 2016-04-27 22:35 - 00278348 _____ C:\WINDOWS\Minidump\042716-53218-01.dmp
2016-04-27 18:52 - 2016-04-27 17:19 - 68013430 _____ C:\Users\deco\Desktop\Proud Of You.wav
2016-04-27 11:27 - 2016-04-28 02:35 - 00002183 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-27 02:29 - 2016-04-27 19:15 - 00000000 ___HD C:\Users\deco\Desktop\Freemake_do_not_remove_this_folder
2016-04-27 02:22 - 2016-04-27 02:27 - 42468352 _____ C:\Users\deco\Desktop\sewer.wav
2016-04-27 01:24 - 2016-04-27 01:24 - 00023771 _____ C:\Users\deco\Downloads\papyrus.pdf
2016-04-27 01:12 - 2016-04-27 01:12 - 33670268 _____ C:\Users\deco\Desktop\proudofu.wav
2016-04-27 00:34 - 2016-04-27 00:38 - 38405120 _____ C:\Users\deco\Desktop\NJ.wav
2016-04-27 00:11 - 2016-04-27 00:11 - 23931308 _____ C:\Users\deco\Desktop\loathed.wav
2016-04-26 12:16 - 2016-04-27 23:09 - 00000001 _____ C:\WINDOWS\SysWOW64\us.html
2016-04-26 12:15 - 2016-04-26 12:15 - 00006659 _____ C:\Users\deco\Downloads\PDFProcessor.pdf
2016-04-26 00:19 - 2016-04-26 00:19 - 00000000 ____D C:\Users\deco\Desktop\Copy of proud
2016-04-25 11:46 - 2016-04-27 12:15 - 00003574 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000
2016-04-25 11:46 - 2016-04-27 12:15 - 00003514 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000
2016-04-24 22:39 - 2016-04-24 22:39 - 00000000 ____D C:\Users\deco\AppData\Local\Native Instruments
2016-04-24 22:35 - 2016-04-24 22:35 - 00000000 ____D C:\Users\deco\AppData\Local\Disc_Soft_Ltd
2016-04-24 22:33 - 2016-04-24 22:39 - 00000000 ____D C:\Users\deco\Documents\Native Instruments
2016-04-24 22:24 - 2016-04-24 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2016-04-24 22:24 - 2016-04-24 22:28 - 00000000 ____D C:\Program Files\Native Instruments
2016-04-24 22:24 - 2016-04-24 22:28 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2016-04-24 22:24 - 2016-04-24 22:25 - 00000000 ____D C:\ProgramData\Native Instruments
2016-04-24 22:24 - 2016-04-24 22:24 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-24 22:19 - 2016-04-24 22:19 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-04-24 22:14 - 2016-04-24 22:15 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-24 22:14 - 2016-04-24 22:14 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2016-04-24 22:13 - 2016-04-28 02:36 - 00001856 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-04-24 22:13 - 2016-04-24 22:23 - 00000000 ____D C:\Users\deco\AppData\Roaming\DAEMON Tools Lite
2016-04-24 22:13 - 2016-04-24 22:14 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-04-24 22:13 - 2016-04-24 22:13 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2016-04-24 22:13 - 2016-04-24 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-04-24 22:13 - 2016-04-24 22:13 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-04-24 21:45 - 2016-04-24 21:45 - 00692072 _____ (Disc Soft Ltd.) C:\Users\deco\Downloads\DTLiteInstaller.exe
2016-04-24 11:51 - 2016-04-24 11:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Leader Technologies
2016-04-24 11:51 - 2016-04-24 11:51 - 00000000 ____D C:\Users\deco\AppData\Roaming\Leadertech
2016-04-24 04:27 - 2016-04-28 02:36 - 00002044 _____ C:\Users\Public\Desktop\Pro Tools 10.lnk
2016-04-24 04:27 - 2016-04-24 04:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2016-04-24 04:25 - 2016-04-24 04:25 - 00000000 ____D C:\Program Files (x86)\Avid
2016-04-24 04:16 - 2013-08-05 22:02 - 00000000 ____D C:\Users\deco\Downloads\Pro_Tools_10.3.5_Win
2016-04-24 04:16 - 2013-08-05 21:42 - 00000000 ____D C:\Users\deco\Downloads\Patches
2016-04-23 21:56 - 2016-04-23 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves Central
2016-04-23 21:48 - 2016-04-23 21:48 - 00000000 ____D C:\Program Files\Common Files\PositiveGrid
2016-04-23 21:47 - 2015-09-16 00:00 - 185683968 _____ C:\Users\deco\Desktop\BIAS_FX_Windows64bit_v1_1_0_745.msi
2016-04-23 21:40 - 2016-04-23 21:40 - 00000000 ____D C:\Users\deco\AppData\Roaming\BIAS_FX
2016-04-23 16:17 - 2016-04-23 16:18 - 00000000 ____D C:\Users\deco\Desktop\proud
2016-04-23 13:39 - 2016-04-23 13:42 - 00000000 ____D C:\Users\deco\Downloads\Native.Instruments.Guitar.Rig.5.Pro.STANDALONE.VST.RTAS.v5.0.2.x86.x64-ASSiGN(Murlok)
2016-04-22 19:46 - 2016-04-22 19:46 - 00000000 ____D C:\Users\deco\AppData\Local\M-Audio
2016-04-22 19:46 - 2016-04-22 19:46 - 00000000 ____D C:\ProgramData\M-Audio
2016-04-22 19:40 - 2016-04-22 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2016-04-22 19:40 - 2016-04-22 19:40 - 00000000 ____D C:\ProgramData\AVID
2016-04-22 19:40 - 2016-04-22 19:40 - 00000000 ____D C:\Program Files\M-Audio
2016-04-22 19:40 - 2016-04-22 19:40 - 00000000 ____D C:\Program Files (x86)\M-Audio
2016-04-22 19:40 - 2013-05-21 14:35 - 18735888 _____ (M-Audio) C:\Users\deco\Downloads\Install_M-Audio_Fast_Track_6.1.12.exe
2016-04-21 23:50 - 2016-04-22 00:13 - 00000000 ____D C:\Users\deco\Desktop\split reaction
2016-04-21 22:40 - 2016-04-24 22:34 - 00000000 ____D C:\Users\deco\Desktop\plugins
2016-04-21 21:48 - 2016-04-21 21:48 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-04-21 21:21 - 2016-04-23 22:35 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-04-21 21:21 - 2016-04-21 21:22 - 00000000 ___SD C:\Program Files (x86)\Waves
2016-04-21 19:46 - 2016-04-19 12:58 - 00000000 ____D C:\Users\deco\Downloads\Waves.Complete.v9.6_2016.04.13_OffLine.WiN
2016-04-20 22:16 - 2016-04-20 22:16 - 00000000 ____D C:\Users\deco\AppData\Roaming\IK Multimedia
2016-04-20 21:54 - 2016-04-23 23:24 - 00000000 ___SD C:\ProgramData\Waves Audio
2016-04-20 21:54 - 2016-04-21 22:08 - 00000000 ___SD C:\Users\deco\AppData\Roaming\Waves Audio
2016-04-20 21:54 - 2016-04-21 21:09 - 00000000 ____D C:\Users\deco\AppData\Local\Waves Audio
2016-04-20 21:53 - 2016-04-21 21:22 - 00000000 ___SD C:\Users\Public\Waves Audio
2016-04-20 21:52 - 2016-04-23 21:56 - 00000000 ____D C:\Program Files (x86)\Waves Central
2016-04-20 21:30 - 2016-04-18 01:10 - 00000000 ____D C:\Users\deco\Downloads\Waves.Patch-VR
2016-04-20 20:50 - 2016-04-20 21:00 - 00000000 ____D C:\Users\deco\Downloads\Waves Complete v9.6 2016.04.13 AAX RTAS VST VST3 WiN
2016-04-18 21:20 - 2016-04-18 21:20 - 00125835 _____ C:\Users\deco\Downloads\esperando.la.carroza.spanish.srt
2016-04-18 21:19 - 2016-04-18 21:19 - 00102438 _____ C:\Users\deco\Downloads\Secret.in.Their.Eyes.2015.720p.BluRay.x264-DRONES.srt
2016-04-18 21:12 - 2016-04-18 21:12 - 00000000 ____D C:\Users\deco\Downloads\Esperando.la.Carroza.DVDRip.Xvid.Spanish.Latino.[www.LatinoDivx.com]
2016-04-18 21:09 - 2016-04-18 21:28 - 00000000 ____D C:\Users\deco\Downloads\The.Secret.In.Their.Eyes.2009.720p.BluRay.x264-x0r
2016-04-17 23:55 - 2016-04-23 19:09 - 00000016 _____ C:\WINDOWS\SysWOW64\w3data.vss
2016-04-17 23:55 - 2016-04-23 19:09 - 00000016 _____ C:\WINDOWS\SysWOW64\msvcsv60.dll
2016-04-17 23:55 - 2016-04-23 19:09 - 00000016 _____ C:\WINDOWS\msocreg32.dat
2016-04-17 23:55 - 2016-04-23 19:09 - 00000016 _____ C:\Users\deco\AppData\Roaming\msregsvv.dll
2016-04-17 23:55 - 2016-04-23 19:09 - 00000016 _____ C:\ProgramData\autobk.inc
2016-04-17 23:52 - 2016-04-23 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2016-04-17 23:51 - 2016-04-24 22:29 - 00000000 ____D C:\Program Files (x86)\VstPlugIns
2016-04-17 23:51 - 2016-04-23 21:19 - 00000000 ____D C:\Program Files (x86)\IK Multimedia
2016-04-17 23:51 - 2016-04-17 23:53 - 00000000 ____D C:\Users\deco\Documents\IK Multimedia
2016-04-17 22:50 - 2016-04-17 22:50 - 00000000 ____D C:\Users\deco\Documents\BIAS
2016-04-17 22:36 - 2016-04-23 22:35 - 00000000 ____D C:\Program Files\VSTPlugins
2016-04-17 22:36 - 2016-04-17 22:36 - 00000000 ____D C:\Program Files\Common Files\Avid
2016-04-17 22:17 - 2016-04-17 22:30 - 00000000 ____D C:\Users\deco\Downloads\Positive Grid BIAS FX v1.1.0.745-R2R [oddsox]
2016-04-17 21:57 - 2016-04-28 02:36 - 00001912 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-04-17 21:57 - 2016-04-28 02:35 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-17 21:57 - 2016-04-17 21:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-04-17 21:57 - 2016-04-17 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-17 21:49 - 2016-04-17 21:56 - 41896256 _____ (Apple Inc.) C:\Users\deco\Downloads\QuickTimeInstaller.exe
2016-04-17 21:35 - 2016-04-17 21:43 - 00000000 ____D C:\Users\deco\Documents\untitled
2016-04-17 21:31 - 2016-04-23 21:20 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2016-04-17 21:31 - 2016-04-17 21:31 - 00462174 _____ C:\Users\deco\Downloads\ASIO4ALL_2_13_English.exe
2016-04-17 20:56 - 2016-04-17 20:56 - 00000000 ____D C:\Users\deco\AppData\Roaming\Trillium Lane
2016-04-17 20:54 - 2016-04-17 20:54 - 00000000 ____D C:\Users\deco\AppData\Roaming\PACE Anti-Piracy
2016-04-17 20:54 - 2016-04-17 20:54 - 00000000 ____D C:\Users\deco\AppData\Local\PACE Anti-Piracy
2016-04-17 20:54 - 2016-04-17 20:54 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2016-04-17 20:15 - 2016-04-28 13:27 - 00000000 ____D C:\Users\deco\AvidLogFiles
2016-04-17 20:03 - 2016-04-17 21:32 - 00000000 ____D C:\Users\deco\AppData\Roaming\Avid
2016-04-17 19:27 - 2016-04-17 19:27 - 00000000 ____D C:\ProgramData\PACE
2016-04-17 18:32 - 2016-04-17 18:35 - 00000000 ____D C:\Users\deco\Downloads\Avid.Pro.Tools.v10.3.5.HD.Incl.Patch.v2.WiN.x32.x64-TEAMVR
2016-04-16 12:01 - 2016-04-16 12:01 - 00134821 _____ C:\Users\deco\Downloads\e00042482.pdf
2016-04-14 10:12 - 2016-04-14 10:12 - 01201740 _____ C:\Users\deco\Downloads\Contrato humaita .pdf
2016-04-13 22:00 - 2016-04-13 22:00 - 00070063 _____ C:\Users\deco\Desktop\productos nao lancados grut.xlsx
2016-04-13 20:24 - 2016-04-13 20:24 - 07729152 _____ C:\Users\deco\Desktop\grut13-4.xls
2016-04-13 16:42 - 2016-04-13 16:42 - 00241426 _____ C:\Users\deco\Desktop\2019083385016904.txt
2016-04-13 15:18 - 2016-04-13 15:18 - 33518592 _____ C:\Users\deco\Desktop\catalogodream416.xls
2016-04-13 13:35 - 2016-04-13 13:35 - 19607285 _____ C:\Users\deco\Desktop\ListaStock.xml
2016-04-13 11:07 - 2016-04-02 00:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 11:07 - 2016-03-29 07:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 11:07 - 2016-03-29 07:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 11:07 - 2016-03-29 07:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 11:07 - 2016-03-29 06:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 11:07 - 2016-03-29 05:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 11:07 - 2016-03-29 05:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 11:07 - 2016-03-29 05:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 11:07 - 2016-03-29 05:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 11:07 - 2016-03-29 04:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 11:07 - 2016-03-29 04:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 11:07 - 2016-03-29 04:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 11:07 - 2016-03-29 04:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 11:07 - 2016-03-29 04:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 11:07 - 2016-03-29 04:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 11:07 - 2016-03-29 04:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 11:07 - 2016-03-29 04:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 11:07 - 2016-03-29 04:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 11:07 - 2016-03-29 04:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 11:07 - 2016-03-29 04:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 11:07 - 2016-03-29 04:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 11:07 - 2016-03-29 04:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 11:07 - 2016-03-29 04:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 11:07 - 2016-03-29 03:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 11:07 - 2016-03-29 03:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 11:07 - 2016-03-29 03:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 11:07 - 2016-03-29 03:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 11:07 - 2016-03-29 03:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 11:07 - 2016-03-29 03:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 11:07 - 2016-03-29 03:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 11:07 - 2016-03-29 03:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 11:07 - 2016-03-29 03:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 11:07 - 2016-03-29 03:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 11:07 - 2016-03-29 03:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 11:07 - 2016-03-29 03:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 11:07 - 2016-03-29 03:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 11:07 - 2016-03-29 02:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 11:07 - 2016-03-29 02:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 11:07 - 2016-03-29 02:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 11:07 - 2016-03-29 02:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 11:07 - 2016-03-29 02:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 11:07 - 2016-03-29 02:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 11:07 - 2016-03-29 02:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 11:07 - 2016-03-29 02:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 11:07 - 2016-03-29 02:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 11:07 - 2016-03-29 02:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 11:07 - 2016-03-29 02:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 11:06 - 2016-04-02 01:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 11:06 - 2016-04-02 01:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 11:06 - 2016-04-02 00:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 11:06 - 2016-04-02 00:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 11:06 - 2016-04-02 00:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 11:06 - 2016-04-02 00:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 11:06 - 2016-04-02 00:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 11:06 - 2016-04-02 00:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 11:06 - 2016-04-02 00:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 11:06 - 2016-04-02 00:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 11:06 - 2016-04-02 00:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 11:06 - 2016-03-29 07:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 11:06 - 2016-03-29 07:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 11:06 - 2016-03-29 07:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 11:06 - 2016-03-29 07:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 11:06 - 2016-03-29 07:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 11:06 - 2016-03-29 06:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 11:06 - 2016-03-29 06:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 11:06 - 2016-03-29 06:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 11:06 - 2016-03-29 06:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 11:06 - 2016-03-29 06:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 11:06 - 2016-03-29 06:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 11:06 - 2016-03-29 06:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 11:06 - 2016-03-29 05:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 11:06 - 2016-03-29 05:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 11:06 - 2016-03-29 05:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 11:06 - 2016-03-29 05:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 11:06 - 2016-03-29 05:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 11:06 - 2016-03-29 04:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 11:06 - 2016-03-29 04:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 11:06 - 2016-03-29 04:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 11:06 - 2016-03-29 04:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 11:06 - 2016-03-29 04:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 11:06 - 2016-03-29 04:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 11:06 - 2016-03-29 04:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 11:06 - 2016-03-29 04:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 11:06 - 2016-03-29 04:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 11:06 - 2016-03-29 04:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 11:06 - 2016-03-29 04:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 11:06 - 2016-03-29 04:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 11:06 - 2016-03-29 04:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 11:06 - 2016-03-29 04:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 11:06 - 2016-03-29 04:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 11:06 - 2016-03-29 04:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 11:06 - 2016-03-29 04:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 11:06 - 2016-03-29 04:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 11:06 - 2016-03-29 04:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 11:06 - 2016-03-29 04:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 11:06 - 2016-03-29 04:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 11:06 - 2016-03-29 04:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 11:06 - 2016-03-29 04:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 11:06 - 2016-03-29 04:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 11:06 - 2016-03-29 04:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 11:06 - 2016-03-29 04:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 11:06 - 2016-03-29 04:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 11:06 - 2016-03-29 04:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 11:06 - 2016-03-29 04:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 11:06 - 2016-03-29 04:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 11:06 - 2016-03-29 03:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 11:06 - 2016-03-29 03:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 11:06 - 2016-03-29 03:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 11:06 - 2016-03-29 03:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 11:06 - 2016-03-29 03:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 11:06 - 2016-03-29 03:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 11:06 - 2016-03-29 03:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 11:06 - 2016-03-29 03:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 11:06 - 2016-03-29 03:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 11:06 - 2016-03-29 03:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 11:06 - 2016-03-29 03:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 11:06 - 2016-03-29 03:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 11:06 - 2016-03-29 03:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 11:06 - 2016-03-29 03:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 11:06 - 2016-03-29 03:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 11:06 - 2016-03-29 03:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 11:06 - 2016-03-29 03:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 11:06 - 2016-03-29 03:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 11:06 - 2016-03-29 03:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 11:06 - 2016-03-29 03:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 11:06 - 2016-03-29 03:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 11:06 - 2016-03-29 03:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 11:06 - 2016-03-29 03:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 11:06 - 2016-03-29 03:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 11:06 - 2016-03-29 03:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 11:06 - 2016-03-29 03:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 11:06 - 2016-03-29 03:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 11:06 - 2016-03-29 03:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 11:06 - 2016-03-29 03:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 11:06 - 2016-03-29 03:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 11:06 - 2016-03-29 03:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 11:06 - 2016-03-29 03:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 11:06 - 2016-03-29 03:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 11:06 - 2016-03-29 03:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 11:06 - 2016-03-29 02:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 11:06 - 2016-03-29 02:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 11:06 - 2016-03-29 02:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 11:06 - 2016-03-29 02:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 11:06 - 2016-03-29 02:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 11:06 - 2016-03-29 02:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 11:06 - 2016-03-29 02:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 11:06 - 2016-03-29 02:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 11:05 - 2016-04-02 01:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 11:05 - 2016-04-02 01:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 11:05 - 2016-04-02 00:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 11:05 - 2016-04-02 00:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 11:05 - 2016-04-02 00:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 11:05 - 2016-04-02 00:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 11:05 - 2016-04-02 00:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 11:05 - 2016-04-02 00:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 11:05 - 2016-04-02 00:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 11:05 - 2016-04-02 00:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 11:05 - 2016-04-02 00:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 11:05 - 2016-03-29 07:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 11:05 - 2016-03-29 07:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 11:05 - 2016-03-29 07:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 11:05 - 2016-03-29 07:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 11:05 - 2016-03-29 07:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 11:05 - 2016-03-29 06:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 11:05 - 2016-03-29 06:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 11:05 - 2016-03-29 06:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 11:05 - 2016-03-29 06:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 11:05 - 2016-03-29 06:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 11:05 - 2016-03-29 06:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 11:05 - 2016-03-29 06:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 11:05 - 2016-03-29 06:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 11:05 - 2016-03-29 06:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 11:05 - 2016-03-29 06:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 11:05 - 2016-03-29 05:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 11:05 - 2016-03-29 05:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 11:05 - 2016-03-29 05:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 11:05 - 2016-03-29 05:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 11:05 - 2016-03-29 05:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 11:05 - 2016-03-29 05:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 11:05 - 2016-03-29 05:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 11:05 - 2016-03-29 05:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 11:05 - 2016-03-29 05:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 11:05 - 2016-03-29 05:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 11:05 - 2016-03-29 05:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 11:05 - 2016-03-29 05:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 11:05 - 2016-03-29 05:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 11:05 - 2016-03-29 05:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 11:05 - 2016-03-29 05:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 11:05 - 2016-03-29 05:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 11:05 - 2016-03-29 05:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 11:05 - 2016-03-29 04:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 11:05 - 2016-03-29 04:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 11:05 - 2016-03-29 04:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 11:05 - 2016-03-29 04:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 11:05 - 2016-03-29 04:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 11:05 - 2016-03-29 04:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 11:05 - 2016-03-29 04:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 11:05 - 2016-03-29 04:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 11:05 - 2016-03-29 04:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 11:05 - 2016-03-29 04:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 11:05 - 2016-03-29 04:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 11:05 - 2016-03-29 04:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 11:05 - 2016-03-29 04:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 11:05 - 2016-03-29 04:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 11:05 - 2016-03-29 04:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 11:05 - 2016-03-29 04:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 11:05 - 2016-03-29 04:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 11:05 - 2016-03-29 04:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 11:05 - 2016-03-29 04:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 11:05 - 2016-03-29 04:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 11:05 - 2016-03-29 04:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 11:05 - 2016-03-29 04:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 11:05 - 2016-03-29 04:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 11:05 - 2016-03-29 04:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 11:05 - 2016-03-29 04:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 11:05 - 2016-03-29 04:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 11:05 - 2016-03-29 04:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 11:05 - 2016-03-29 04:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 11:05 - 2016-03-29 04:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 11:05 - 2016-03-29 04:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 11:05 - 2016-03-29 04:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 11:05 - 2016-03-29 04:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 11:05 - 2016-03-29 04:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 11:05 - 2016-03-29 04:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 11:05 - 2016-03-29 04:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 11:05 - 2016-03-29 04:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 11:05 - 2016-03-29 04:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 11:05 - 2016-03-29 04:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 11:05 - 2016-03-29 04:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 11:05 - 2016-03-29 04:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 11:05 - 2016-03-29 04:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 11:05 - 2016-03-29 04:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 11:05 - 2016-03-29 04:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 11:05 - 2016-03-29 04:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 11:05 - 2016-03-29 04:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 11:05 - 2016-03-29 04:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 11:05 - 2016-03-29 04:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 11:05 - 2016-03-29 04:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 11:05 - 2016-03-29 04:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 11:05 - 2016-03-29 04:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 11:05 - 2016-03-29 04:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 11:05 - 2016-03-29 04:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 11:05 - 2016-03-29 04:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 11:05 - 2016-03-29 04:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 11:05 - 2016-03-29 04:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 11:05 - 2016-03-29 04:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 11:05 - 2016-03-29 04:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 11:05 - 2016-03-29 04:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 11:05 - 2016-03-29 03:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 11:05 - 2016-03-29 03:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 11:05 - 2016-03-29 03:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 11:05 - 2016-03-29 03:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 11:05 - 2016-03-29 03:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 11:05 - 2016-03-29 03:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 11:05 - 2016-03-29 03:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 11:05 - 2016-03-29 03:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 11:05 - 2016-03-29 03:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 11:05 - 2016-03-29 03:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 11:05 - 2016-03-29 03:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 11:05 - 2016-03-29 03:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 11:05 - 2016-03-29 03:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 11:05 - 2016-03-29 03:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 11:05 - 2016-03-29 03:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 11:05 - 2016-03-29 03:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 11:05 - 2016-03-29 03:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 11:05 - 2016-03-29 03:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 11:05 - 2016-03-29 03:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 11:05 - 2016-03-29 03:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 11:05 - 2016-03-29 03:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 11:05 - 2016-03-29 03:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 11:05 - 2016-03-29 03:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 11:05 - 2016-03-29 03:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 11:05 - 2016-03-29 03:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 11:05 - 2016-03-29 03:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 11:05 - 2016-03-29 03:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 11:05 - 2016-03-29 03:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 11:05 - 2016-03-29 03:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 11:05 - 2016-03-29 02:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 11:05 - 2016-03-29 02:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 11:05 - 2016-03-29 02:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 11:05 - 2016-03-29 02:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 11:05 - 2016-03-29 02:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 11:05 - 2016-03-29 02:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 11:05 - 2016-03-29 02:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 11:05 - 2016-03-29 02:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-08 13:29 - 2016-04-13 13:11 - 00000000 ____D C:\Users\deco\Desktop\2015 statements
2016-04-08 12:57 - 2016-04-28 02:35 - 00002547 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-04-08 12:57 - 2016-04-08 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-04-07 16:45 - 2016-04-07 16:45 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-04-04 14:16 - 2016-04-04 14:16 - 00115712 _____ C:\Users\deco\Downloads\Nip Joints - Planejamento Orcamentario e Cronograma .xls
2016-04-04 13:53 - 2016-04-06 21:12 - 00000000 ____D C:\Users\deco\Desktop\Bounces
2016-04-04 13:00 - 2016-04-04 13:00 - 01474912 _____ (MegaCloud Limited) C:\Users\deco\Downloads\MegaCloud_Setup.exe
2016-04-04 13:00 - 2016-04-04 13:00 - 00000000 ____D C:\ProgramData\Web Installer
2016-04-03 16:29 - 2016-04-03 16:29 - 00000000 ____D C:\Users\deco\Downloads\TurboTax Home & Business 2015
2016-03-29 13:43 - 2016-03-29 13:43 - 00000000 ____D C:\Program Files\iTunes
2016-03-29 13:34 - 2016-03-29 13:34 - 06079975 _____ C:\Users\deco\Downloads\CopyTransDriversInstallerv2.036.zip
2016-03-29 13:34 - 2016-01-20 10:08 - 06362264 _____ (WindSolutions) C:\Users\deco\Desktop\CopyTransDriversInstaller.exe
2016-03-29 13:27 - 2016-04-28 02:34 - 00001431 _____ C:\Users\deco\Desktop\CopyTrans Control Center.lnk
2016-03-29 13:27 - 2016-03-29 13:27 - 00000000 ____D C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2016-03-29 13:26 - 2016-03-29 13:50 - 00000000 ____D C:\ProgramData\WindSolutions
2016-03-29 13:26 - 2016-03-29 13:43 - 00000000 ____D C:\Users\deco\AppData\Roaming\WindSolutions
2016-03-29 13:26 - 2016-03-29 13:26 - 06786720 _____ (WindSolutions) C:\Users\deco\Downloads\Install_CopyTransControlCenter.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 23:03 - 2015-12-12 01:35 - 01008216 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-28 23:03 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-28 23:01 - 2011-10-25 15:18 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-28 23:00 - 2015-12-12 01:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-28 22:58 - 2015-10-30 03:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-28 21:45 - 2012-07-22 14:27 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-28 21:40 - 2011-10-25 15:18 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-28 21:39 - 2014-07-29 15:14 - 00000392 _____ C:\WINDOWS\Tasks\WpsUpdateTask_sales in bloom.job
2016-04-28 21:39 - 2014-07-29 15:14 - 00000392 _____ C:\WINDOWS\Tasks\WpsNotifyTask_sales in bloom.job
2016-04-28 21:35 - 2012-07-21 12:52 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA.job
2016-04-28 12:59 - 2015-10-29 20:02 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-04-28 12:52 - 2015-12-12 01:35 - 00000000 ____D C:\Users\deco
2016-04-28 12:36 - 2014-02-06 19:44 - 00000000 ____D C:\WINDOWS\system32\log
2016-04-28 12:36 - 2013-11-12 14:15 - 00000000 ____D C:\AdwCleaner
2016-04-28 12:08 - 2015-11-05 09:06 - 00000000 ____D C:\Users\deco\AppData\LocalLow\Temp
2016-04-28 11:25 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-28 11:23 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-28 10:37 - 2014-08-13 14:38 - 00002352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-28 03:27 - 2011-08-07 14:17 - 00000000 ____D C:\Users\deco\AppData\Roaming\vlc
2016-04-28 03:26 - 2012-10-12 13:08 - 00000000 ____D C:\Users\deco\AppData\Roaming\Audacity
2016-04-28 03:25 - 2016-02-08 20:59 - 00000000 ____D C:\Users\deco\Desktop\New folder
2016-04-28 03:03 - 2014-02-06 19:46 - 00001421 _____ C:\WINDOWS\wininit.ini
2016-04-28 02:40 - 2014-02-23 15:34 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2016-04-28 02:38 - 2013-09-04 17:11 - 00000000 ____D C:\Users\deco\Desktop\Virus Tools
2016-04-28 02:37 - 2016-01-07 18:34 - 00000000 ____D C:\Users\deco\Documents\Sound recordings
2016-04-28 02:36 - 2015-12-02 14:21 - 00001268 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2016-04-28 02:36 - 2015-11-05 08:59 - 00002122 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-04-28 02:36 - 2014-11-07 09:08 - 00001224 _____ C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2016-04-28 02:36 - 2014-08-13 18:25 - 00002003 _____ C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
2016-04-28 02:36 - 2014-04-08 11:33 - 00001148 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2016-04-28 02:36 - 2014-02-07 11:22 - 00001282 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2016-04-28 02:36 - 2013-12-06 18:55 - 00000941 _____ C:\Users\Public\Desktop\FLV2PC.lnk
2016-04-28 02:36 - 2013-11-17 15:52 - 00001936 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-04-28 02:36 - 2012-10-03 22:52 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-28 02:36 - 2011-09-28 14:31 - 00002162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-28 02:36 - 2011-09-03 18:03 - 00000864 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-28 02:35 - 2015-12-12 01:44 - 00001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-28 02:35 - 2015-11-05 08:59 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-28 02:35 - 2015-11-04 12:37 - 00002405 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-28 02:35 - 2015-11-04 10:42 - 00001055 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-04-28 02:35 - 2015-10-23 09:02 - 00002517 _____ C:\Users\Public\Desktop\TurboTax Business 2014.lnk
2016-04-28 02:35 - 2015-09-30 06:23 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-28 02:35 - 2014-11-07 21:20 - 00000961 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-04-28 02:35 - 2014-06-22 19:03 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TMAC v6.lnk
2016-04-28 02:35 - 2014-06-22 19:03 - 00001164 _____ C:\Users\Public\Desktop\TMAC v6.lnk
2016-04-28 02:35 - 2013-12-07 13:23 - 00002198 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-28 02:35 - 2013-10-20 15:46 - 00000833 _____ C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-04-28 02:35 - 2012-12-26 11:59 - 00001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2016-04-28 02:35 - 2012-10-12 13:08 - 00000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-04-28 02:35 - 2011-09-28 14:31 - 00002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-28 02:35 - 2011-09-04 05:58 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-28 02:35 - 2007-10-10 19:40 - 00001338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-04-28 02:35 - 2007-10-10 19:40 - 00001269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-04-28 02:35 - 2007-10-10 19:39 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-04-28 02:35 - 2007-10-10 19:39 - 00001422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-04-28 02:34 - 2014-02-12 22:21 - 00001155 _____ C:\Users\deco\Desktop\Downloads - Shortcut.lnk
2016-04-28 02:34 - 2013-10-20 15:46 - 00000853 _____ C:\Users\deco\Desktop\µTorrent.lnk
2016-04-28 02:34 - 2013-01-29 11:09 - 00001913 _____ C:\Users\deco\Desktop\Skype.lnk
2016-04-28 02:34 - 2013-01-25 19:36 - 00000999 _____ C:\Users\deco\Desktop\MKV Player.lnk
2016-04-28 02:34 - 2012-10-12 13:08 - 00000975 _____ C:\Users\deco\Desktop\Audacity.lnk
2016-04-28 02:30 - 2014-08-28 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-27 23:35 - 2012-07-21 12:52 - 00000868 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core.job
2016-04-27 23:25 - 2014-08-28 13:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-27 23:23 - 2014-08-28 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-27 20:14 - 2014-02-07 10:26 - 00001750 _____ C:\sc-cleaner.txt
2016-04-27 13:03 - 2011-08-03 14:49 - 00000000 ____D C:\Users\deco\AppData\Local\VirtualStore
2016-04-27 11:06 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-27 01:36 - 2016-01-24 15:12 - 00000000 ___HD C:\Users\deco\AppData\Local\fxTJ3wOFPpr5
2016-04-26 13:10 - 2015-11-19 22:38 - 00000000 ____D C:\Program Files (x86)\Excel Image Assistant
2016-04-26 13:10 - 2014-03-25 12:49 - 00000000 ____D C:\Users\deco\AppData\Local\Packages
2016-04-26 12:56 - 2014-11-25 13:45 - 00000000 ____D C:\Users\deco\Documents\Outlook Files
2016-04-25 10:16 - 2012-08-19 01:32 - 00000000 ____D C:\Users\deco\AppData\Roaming\Skype
2016-04-24 22:24 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-24 22:24 - 2009-07-14 00:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-24 12:09 - 2015-12-12 01:26 - 04920128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-23 22:36 - 2014-07-29 15:22 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-23 21:56 - 2010-08-28 02:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-23 16:13 - 2012-07-20 18:38 - 00000000 ____D C:\Users\deco\AppData\Roaming\uTorrent
2016-04-23 11:16 - 2015-11-04 12:37 - 00000000 ___RD C:\Users\deco\OneDrive
2016-04-22 04:57 - 2011-09-05 00:30 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 22:21 - 2011-11-24 22:20 - 00000000 ____D C:\Users\deco\AppData\Local\ElevatedDiagnostics
2016-04-17 21:57 - 2011-09-02 00:43 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-17 21:57 - 2011-09-02 00:43 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-17 20:25 - 2014-11-07 21:22 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-04-17 20:25 - 2011-08-03 14:48 - 00000000 ____D C:\Users\deco\AppData\Roaming\Adobe
2016-04-16 10:27 - 2011-08-03 14:48 - 00000000 ____D C:\Users\deco\AppData\Local\Adobe
2016-04-14 18:24 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-14 09:50 - 2014-09-24 15:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-14 09:47 - 2009-07-13 23:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-04-13 22:05 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-13 22:05 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-13 22:05 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-13 22:05 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 21:59 - 2015-10-23 09:04 - 00000000 ____D C:\Users\deco\Desktop\amazon
2016-04-13 14:50 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 14:47 - 2013-08-19 01:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 14:33 - 2011-10-26 19:55 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 14:09 - 2014-07-29 15:40 - 00000000 ____D C:\Program Files\Nitro
2016-04-13 13:11 - 2015-11-17 12:37 - 00000044 _____ C:\Users\deco\Desktop\card.txt
2016-04-08 13:16 - 2012-01-24 22:07 - 00000000 ____D C:\Users\deco\AppData\Roaming\Intuit
2016-04-08 13:00 - 2012-01-24 22:06 - 00001095 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-04-08 12:57 - 2012-01-24 22:05 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-04-06 15:32 - 2015-10-30 04:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 15:32 - 2015-10-30 04:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-29 13:43 - 2012-07-21 03:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-29 13:41 - 2012-07-21 03:51 - 00000000 ____D C:\ProgramData\Apple
2016-03-29 13:38 - 2011-09-02 00:44 - 00000000 ____D C:\Program Files\iPod
2016-03-29 13:38 - 2011-09-02 00:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-29 13:38 - 2011-09-02 00:43 - 00000000 ____D C:\Program Files (x86)\Bonjour

==================== Files in the root of some directories =======

2014-11-20 13:54 - 2014-11-20 13:54 - 0000132 _____ () C:\Users\deco\AppData\Roaming\Adobe GIF Format CS5 Prefs
2015-03-22 14:54 - 2015-05-22 13:04 - 0000033 _____ () C:\Users\deco\AppData\Roaming\AdobeWLCMCache.dat
2014-08-28 13:04 - 2014-08-28 13:06 - 0000043 _____ () C:\Users\deco\AppData\Roaming\mbam.context.scan
2016-04-17 23:55 - 2016-04-23 19:09 - 0000016 _____ () C:\Users\deco\AppData\Roaming\msregsvv.dll
2014-08-02 18:23 - 2014-08-28 18:07 - 0000086 _____ () C:\Users\deco\AppData\Roaming\WB.CFG
2007-10-10 19:34 - 2007-10-10 19:37 - 0015438 _____ () C:\ProgramData\ArcadeDeluxe4.log
2016-04-17 23:55 - 2016-04-23 19:09 - 0000016 _____ () C:\ProgramData\autobk.inc
2014-08-04 20:33 - 2016-01-24 19:37 - 0000705 _____ () C:\ProgramData\currentlist.txt
2011-09-03 15:21 - 2011-09-03 18:33 - 0000646 _____ () C:\ProgramData\hpzinstall.log
2012-01-24 22:06 - 2016-04-08 13:00 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2011-09-03 18:03 - 2011-09-03 18:04 - 0000090 _____ () C:\ProgramData\PS.log

Some files in TEMP:
====================
C:\Users\deco\AppData\Local\Temp\libeay32.dll
C:\Users\deco\AppData\Local\Temp\msvcr120.dll
C:\Users\deco\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-25 09:48

==================== End of FRST.txt ============================

 

 


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Where is security essentials finding this ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp
C:\Program Files\McAfee Security Scan
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

JHlUMFt.png Scan with Malwarebytes Anti-Malware
  • Please download Malwarebytes Anti-Malware to your desktop
  • Launch Malwarebytes from your Desktop
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    vG7pLOy.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.

  • 0

#9
alternate

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts

Here we go again:

 

EmptyTemp: => 326.7 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:30:49 ====
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by deco (2016-04-28 23:05:39)
Running from C:\Users\deco\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-12 05:00:45)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3406242734-3781281278-1370421689-500 - Administrator - Disabled)
deco (S-1-5-21-3406242734-3781281278-1370421689-1000 - Administrator - Enabled) => C:\Users\deco
DefaultAccount (S-1-5-21-3406242734-3781281278-1370421689-503 - Limited - Disabled)
Guest (S-1-5-21-3406242734-3781281278-1370421689-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3406242734-3781281278-1370421689-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.5 - Avid Technology, Inc.)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.5 - Avid Technology, Inc.)
BIAS FX Plugins Pack (64bit) (HKLM\...\{77558DEB-4B65-4921-8855-D8593EF5BCDD}) (Version: 1.1.0.745 - PositiveGrid)
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\CopyTrans Suite) (Version: 4.006 - WindSolutions)
Custom Shop version 1.5.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.5.0 - IK Multimedia)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Excel Image Assistant (HKLM-x32\...\Excel Image Assistant) (Version:  - )
FLV2PC v5.9.0 (HKLM-x32\...\FLV2PC_is1) (Version: 5.9.0 - )
Free Sound Recorder v10.7.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2015 FreeSoundRecorder Technologies, Inc.)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
License Support (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
M-Audio Fast Track 6.1.12 (x64) (HKLM\...\{102B819F-54FB-4CD3-8B48-B80C210D55BC}) (Version: 6.1.12 - M-Audio)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
MediaShow Espresso (x32 Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MKV Player 2.1 (HKLM-x32\...\MKV Player_is1) (Version:  - )
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ReWire (HKLM\...\{4481A621-E317-411C-8926-864AACDF509B}) (Version: 1.00.0000 - Waves)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SoulSeek 157 NS 13c (HKLM-x32\...\Soulseek2) (Version:  - )
Technitium MAC Address Changer v6.0.5 (HKLM-x32\...\TMACv6.0) (Version: 6.0.5 - Technitium)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax Business 2014 (HKLM-x32\...\TurboTax Business 2014) (Version: 2014.0 - Intuit, Inc)
Update for PriceFountain (HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\{301B9AD6-7631-5375-2237-33F8E3343557}) (Version:  - Update for PriceFountain) <==== ATTENTION
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Waves Central 1.1.0.22 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 1.1.0 - Waves, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\deco\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {073DB72E-520B-476A-83CD-8D0EFBCCD693} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0990C8D9-EE91-48A8-A7EA-BC16B9F5E633} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {0AAA4631-90BD-4059-9953-D7789AD22A9F} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {0B882D45-82EB-4285-8153-8FEE43C7811E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1731CFA9-44C9-4895-8951-191264F40C88} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {1E2C773E-1E8F-4220-B806-3AE93DAFBECF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1E90BD4A-9FD0-493C-9566-3AF6C05E52D9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {1EFE906B-4FE7-4140-A3B5-F86B6F64ADFE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {23B0C235-4701-4C8F-9601-0251DA8AD908} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {298C1599-D9DB-4C4A-BA02-088F48977A54} - System32\Tasks\WpsNotifyTask_sales in bloom => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: {2ACA76F7-0D5F-4C79-9BDE-4350D390B30D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2ADA7A2F-622C-4AFB-B1D9-B999209051D6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {365D86BC-5134-47B1-BB11-740B2110BFAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {37A5DD81-DA52-4D1C-91E5-5040D016AFD5} - System32\Tasks\{BA70839E-3DF2-4CE1-88F6-355ABC9E2756} => pcalua.exe -a C:\Users\deco\Downloads\OJJ3600_Basic_8.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {3AF2CE55-D5C8-4103-ABE3-CA221248000C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {3E323ED9-C944-476D-9C9F-11B8A91C5C04} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3F3BD157-DFAC-461B-91A5-817D0B419232} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {400BAD29-BE43-48EB-BB65-38B21C018A7D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4717237E-E6F3-41FB-96DD-AD0656BF1538} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4DC3C2C2-54DB-499D-A7E8-52D3D75F0DE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {53E76346-070C-4782-9790-EF8865266376} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-24] ()
Task: {566F65A2-1225-4932-9D23-7B8A8D203CFA} - System32\Tasks\WpsUpdateTask_sales in bloom => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe
Task: {5AD32A4A-8487-4178-A0FF-3EC87AAE9786} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {675B0837-4E35-4CD2-AEC9-B86D968B94DC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {68147C55-59B1-4AD2-9D48-E11474E770B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6B941C49-48AD-4D32-8C29-A0767F055E6F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {76B35647-2001-4BFF-A915-7AB628E63652} - System32\Tasks\{94406A97-1D05-4EDC-9023-3A95ADF895DD} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {819D4373-D2B8-48BA-ACA0-230CFB0116F5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8AB962DC-3BAB-410D-8136-A43F66D75638} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {8D181F06-1B71-487F-B064-8F759498D053} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {95867F60-D3A9-4BB0-8320-B76440C6D679} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {960C5D1A-E9A3-418B-A83E-6066467903A1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {9ED3F406-964D-4D6D-A9E2-408371E347D0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {A499A215-0EAB-4331-837B-56F6FDE3518D} - System32\Tasks\{F04144C3-83B0-4F3B-93EA-02F7C7EA719A} => pcalua.exe -a "C:\Users\deco\Documents\Adobe Photoshop CS3 BR(com plugins)\Adobe Photoshop CS3 BR + plugins.exe" -d "C:\Users\deco\Documents\Adobe Photoshop CS3 BR(com plugins)"
Task: {A9FEC67A-CF3A-486D-AAF0-C74F405BA1F8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {AD8635C9-BDDD-46EF-8707-68EB52587AFE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B1C22FF1-FA09-4B2C-BBE9-157DBF93F18B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B4874A9D-B4A4-42F6-A34C-CA78981C4576} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B552622A-A873-472B-9675-34F57C9197D8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {BF81E49F-1AC9-41F2-A733-AD1B97FF5CD3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {C2449A8A-385F-431A-AAA9-A12ADC7A50B3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {CE60488E-EFBF-4DB9-95E0-21B8F09855D5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {D8FC8D76-9CE2-4035-BE20-68A7814DD301} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {DCA58A7C-F574-4CF9-85CE-F164468A48EA} - System32\Tasks\{8780E631-761F-43D1-B7EE-72AD457648EC} => pcalua.exe -a "C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe" -d "C:\Program Files (x86)\ESET\ESET Online Scanner"
Task: {E278F4FE-3B4B-4B1B-BFF2-3666BAE67D3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E2C81D1E-43D3-4176-A7A0-8A98ECDE546A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {E944B168-1C2B-4D5F-9BA1-5CE3EC0E0035} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {ED4943D8-8203-4EBB-85AA-8187CEE1988A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F361E2B5-1C1C-44ED-AD56-6171645895E8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F8A9EA0E-7700-4C36-AEE7-F6464B3BC7DA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {FA46A383-0D24-4D24-A320-DB99E0A6F007} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {FE6C2BCF-F8B2-4494-AA07-8E0BD0C53ADA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core.job => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA.job => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_sales in bloom.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_sales in bloom.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-09-24 15:09 - 2014-09-24 15:09 - 03727360 _____ () C:\Windows\AutoKMS\AutoKMS.exe
2015-11-20 09:57 - 2015-11-20 09:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 09:57 - 2015-11-20 09:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-30 01:41 - 2014-10-30 01:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-10-26 18:59 - 2014-10-26 18:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2016-04-13 11:07 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-19 18:59 - 2016-04-19 18:59 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-13 11:07 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-23 11:16 - 2016-04-23 11:16 - 00959176 _____ () C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-09-15 09:58 - 2015-09-15 09:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-18 09:09 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 11:05 - 2016-04-02 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 11:06 - 2016-04-02 00:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 11:05 - 2016-04-01 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 11:06 - 2016-04-01 23:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 11:07 - 2016-04-02 00:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2010-08-04 09:40 - 2010-08-04 09:40 - 00611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-10-29 15:06 - 2014-10-29 15:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-10-30 01:41 - 2014-10-30 01:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 01:41 - 2014-10-30 01:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 01:41 - 2014-10-30 01:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2016-04-19 18:59 - 2016-04-19 18:59 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-23 11:15 - 2016-04-23 11:15 - 00679624 _____ () C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2010-08-04 06:47 - 2010-08-04 06:47 - 00144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-10-29 15:01 - 2014-10-29 15:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 201.17.0.64 - 201.17.0.92
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "IAAnotif"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GoforFilesInstaller Starter"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudServices"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{6524771A-8D5D-4DFE-8890-89E80B697B07}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{333035C3-47AC-468E-9B34-F3F93279131F}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{24F34BBE-B9E6-4AA0-ABB5-83218659640F}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{FFD32ED0-94F9-4FE2-AFC6-D074C390837B}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [TCP Query User{8B882952-1FE3-4A5A-ADA2-7F113818DFFD}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{36F6E301-0EB6-47CF-8B45-D14D3925316B}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8CB0BA09-1E6C-4387-BE61-DE8B895C3F8B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FDE3F47F-12A1-40C2-9DDE-CA111EAD6226}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{83EC21CA-57BD-464F-B7F3-F704FF0C9684}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6D26D805-A69E-4F5C-9A79-1ED48DD3E7AF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7F37147D-813A-42BF-B9F9-9A5FF56AFC33}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{C176598F-A553-43F2-AFE3-8C9DA3C7B830}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{62AB4B90-7C98-4A77-998D-6B9EB22BD795}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{72CB84AB-6594-43CF-B1D9-2433089BC041}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D4B0B46E-D0B2-41F3-A2B5-791D02146DD4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{47B6A7A5-778C-4A80-A9CF-E78A0C662FCA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6FA2DB3B-7623-4D05-84AD-19A61ABBBA3E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4E42EE5D-9017-4445-BD46-9BF3B2B36C65}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D3DB5C8A-6530-47FA-99C4-25E31D2AAA0A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C65F13CF-EFFA-4E9E-B2FB-7D802931DB3C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6828F2C7-3DE4-4BC6-B55D-EC6018BB6298}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0A6D3005-62E5-46B6-BF48-92A713D3F00B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{5DD4D070-9151-4532-8A21-A5AD168D5D66}C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [UDP Query User{E4CAA90C-042A-434F-85F7-0D4B247647F3}C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [TCP Query User{8E1D36BE-6BFC-4DE6-8B25-53D688BD904D}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{E958F3CC-3AA0-4700-B7A6-4F7B91DF6C31}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{A202D653-AF53-40DC-B91B-46D03F38F385}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{36D3D8DC-6BC3-46BF-A5A4-99A5E29A1B2A}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [{8548DBCE-BD77-4E8D-954E-E6CD87277880}] => (Allow) C:\Program Files (x86)\Waves\MultiRack\MultiRack SoundGrid.exe
FirewallRules: [TCP Query User{30BA92D4-8F4F-4419-AB0C-1B768727551C}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [UDP Query User{DB372440-C8A3-43C8-B7CB-9180C01DCFF3}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [{AABEA036-0A8F-4F5B-AA37-18CFC48BA752}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [{2717205D-7214-462D-AC43-D26716E49765}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe
FirewallRules: [{4FE0F591-75ED-440A-B4F0-0792AC778378}] => (Allow) C:\ProgramData\vreXjvX\protect\protect.exe
FirewallRules: [{4396C909-C46C-4196-8FD3-0C5D13FB1E3C}] => (Allow) C:\Users\deco\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{4A531FA3-484A-47F1-AA73-B85C826B3FFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A71CBC3C-FA60-44B1-A5C6-B623A82D62A3}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe
FirewallRules: [{5CEA14B5-C21E-490C-B923-95AAC635863D}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe
 
==================== Restore Points =========================
 
20-04-2016 21:52:41 Installed Waves Central V1.0.3.3
23-04-2016 21:22:16 Removed Waves Central V1.0.3.3
28-04-2016 12:07:11 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/28/2016 10:58:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x56c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (04/28/2016 10:58:04 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (1388) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
 
Error: (04/28/2016 10:54:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xe0434352
Fault offset: 0x0000000000071f28
Faulting process id: 0x15e0
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5
 
Error: (04/28/2016 10:54:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)
   at ..(.)
   at ..()
 
Error: (04/28/2016 01:06:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/28/2016 01:06:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/28/2016 12:50:56 PM) (Source: McLogEvent) (EventID: 5046) (User: NT AUTHORITY)
Description: 
 
Error: (04/28/2016 12:43:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: deco-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/28/2016 12:33:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/28/2016 12:33:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/28/2016 11:00:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058
 
Error: (04/28/2016 11:00:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/28/2016 10:58:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The State Repository Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/28/2016 10:58:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2240041 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/28/2016 10:54:10 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #21, {9A7F07DA-64C9-4648-9C86-8AB866A95BC5}, had event 76
 
Error: (04/28/2016 09:45:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/28/2016 01:50:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_1627b6 service to connect.
 
Error: (04/28/2016 01:50:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1627b6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/28/2016 01:35:24 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (04/28/2016 01:29:06 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
 
CodeIntegrity:
===================================
  Date: 2016-04-28 10:21:12.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-27 19:19:31.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-27 19:19:31.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-27 19:19:29.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-27 19:19:29.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-26 12:26:05.356
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-26 12:26:05.196
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-26 12:26:05.037
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-26 12:26:04.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-26 12:26:04.717
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 40%
Total physical RAM: 4061.17 MB
Available physical RAM: 2425.54 MB
Total Virtual: 8157.17 MB
Available Virtual: 6602.16 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:911.88 GB) (Free:644.98 GB) NTFS
Drive d: (FLASH DRIVE) (Removable) (Total:3.6 GB) (Free:1.54 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FBC288CC)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: 61B7D1A5)
Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/29/2016
Scan Time: 10:13 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.04.29.07
Rootkit Database: v2016.02.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: deco
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 656501
Time Elapsed: 26 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I am seeing no further infection, what problems are you having ?

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#11
alternate

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts

Hi, the computer looks ok. Thank You!

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-04-30 13:10:28
-----------------------------
13:10:28.423    OS Version: Windows x64 6.2.9200 
13:10:28.423    Number of processors: 2 586 0x170A
13:10:28.424    ComputerName: DECO-PC  UserName: deco
13:10:37.830    Initialize success
13:10:37.833    VM: initialized successfully
13:10:37.834    VM: outdated driver version !
13:13:48.898    AVAST engine defs: 16043000
13:14:37.827    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000042
13:14:37.829    Disk 0 Vendor: WDC_WD10EARS-22Y5B1 80.00A80 Size: 953869MB BusType: 11
13:14:37.963    Disk 0 MBR read successfully
13:14:37.965    Disk 0 MBR scan
13:14:38.006    Disk 0 Windows 7 default MBR code
13:14:38.015    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        20000 MB offset 2048
13:14:38.035    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 40962048
13:14:38.046    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       933767 MB offset 41166848
13:14:38.083    Disk 0 scanning C:\WINDOWS\system32\drivers
13:14:50.918    Service scanning
13:15:32.768    Modules scanning
13:15:32.802    Disk 0 trace - called modules:
13:15:32.817    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys 
13:15:32.821    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0013f521060]
13:15:32.825    3 CLASSPNP.SYS[fffff801a49e7d95] -> nt!IofCallDriver -> \Device\00000042[0xffffe0013efbc060]
13:15:37.989    AVAST engine scan C:\WINDOWS
13:15:53.069    AVAST engine scan C:\WINDOWS\system32
13:20:52.683    AVAST engine scan C:\WINDOWS\system32\drivers
13:22:11.128    AVAST engine scan C:\Users\deco
13:55:13.173    AVAST engine scan C:\ProgramData
14:04:29.701    Disk 0 statistics 5907121/0/0 @ 1.15 MB/s
14:04:29.708    Scan finished successfully
14:20:44.720    Disk 0 MBR has been saved successfully to "C:\Users\deco\Desktop\MBR.dat"
14:20:44.725    The log file has been saved successfully to "C:\Users\deco\Desktop\aswMBRlog.txt"

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP